Commit graph

2583 commits

Author SHA1 Message Date
georglauterbach 3a64a7a97c
add ShellCheck global directives 2024-01-16 19:13:38 +01:00
georglauterbach 87b92f6f88
move log/filter functions into own file 2024-01-16 11:58:55 +01:00
Georg Lauterbach 068ceb1d1a
docs: misc improvements (#3773)
* correct misc typos

We also seem to be favoring `behavior` over `behaviour`.

* bump MkDocs version

* resolve errors shown when buildg docs

* improve the Rspamd page

* behaviour -> behavior

Streamline the usage of this word. The majority used behavior, so I
opted to go with this way of spelling it.

* Apply suggestions from code review

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-16 08:38:08 +00:00
dependabot[bot] 2bf5234250
chore(deps): Bump anchore/scan-action from 3.4.0 to 3.5.0 (#3782)
Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/anchore/scan-action/compare/v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: anchore/scan-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-16 10:18:13 +13:00
Brennan Kinney 265440b2bb
fix: Ensure .svbin files are newer than .sieve source files (#3779) 2024-01-15 10:34:15 +01:00
Den ce6ebcc021
docs: Rspamd DKIM config simplify via path setting (#3702)
docs: Rspamd DKIM config (`dkim_signing.conf`) example has been simplified via `path` + `selector` settings.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-15 13:10:03 +13:00
Brennan Kinney 1449629479
fix: Revert quoting SA_SPAM_SUBJECT in mailserver.env (#3767)
In Docker Compose `.env` files are parsed properly when values are wrapped with quotes. Trailing white-space is also discarded, like it would be with shell variables.

This is not the case with `docker run` or other CRI like `podman` (_including it's compose equivalent support_). Those will parse the quotes to be included in a literal string value. Trailing white-space is also retained.

Hence a default with a trailing space is not compatible across CRI. This change documents the default with additional context on how to include a trailing white-space with a custom value for the users CRI choice. It additionally clearly communicates the opt-out value for this feature.
2024-01-15 11:23:23 +13:00
Georg Lauterbach 3a142f9726
tests: small adjustments (#3772) 2024-01-14 23:14:03 +01:00
github-actions[bot] f794f65caa
docs: updated CONTRIBUTORS.md (#3777)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-01-14 14:08:27 +01:00
Joerg Sonnenberger e3331b0f44
feat: Add MTA-STS support for outbound mail (#3592)
* feat: add support for MTA-STS for outgoing mails

* Hook-up mta-sts-daemon into basic process handling test

* fix: Call python script directly

The python3 shebang will run it, which will now meet the expectations of the process testing via pgrep. fail2ban has the same approach.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-13 21:37:20 +13:00
Casper 71e1102749
Tiny #3480 follow up: Add missing ENABLE_OAUTH2 var (#3775) 2024-01-12 23:48:14 +01:00
Keval Kapdee 52c4582f7b
feat: Auth - OAuth2 (Dovecot PassDB) (#3480)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-13 09:45:14 +13:00
Georg Lauterbach 06fab3f129
tests: streamline tests and helpers further (#3747)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-11 10:34:08 +01:00
Casper aba218e6d7
Fix jaq: Download platform specific binary (#3766)
* choose architecture dynamically
2024-01-10 12:31:30 +13:00
dependabot[bot] 8d8936dfac
chore(deps): Bump anchore/scan-action from 3.3.8 to 3.4.0 (#3761)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 17:40:50 +00:00
dependabot[bot] ac25fb495b
chore(deps): Bump docker/metadata-action from 5.4.0 to 5.5.0 (#3762)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 18:39:28 +01:00
Brennan Kinney 5e28c17cf4
docs: SpamAssassin ENV docs refactor (#3756)
* chore: Log `SPAMASSASSIN_SPAM_TO_INBOX=1` ENV correctly

ENV name logged was incomplete.

* docs: Update SA related ENV docs

* fix: Log level `warning` should be `warn`

* docs: FAQ - Revise outdated SA entry

* chore: Antispam / Antivirus => Anti-spam / Anti-virus

* docs: ENV - Additional revisions to SA ENV

* docs: ENV - Move `ENABLE_SPAMASSASSIN_KAM`
2024-01-08 03:07:38 +01:00
github-actions[bot] 8e20173200
docs: updated CONTRIBUTORS.md (#3757)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-01-08 09:40:01 +13:00
Brennan Kinney 6d666512c1
ci: .gitattributes - Ensure eol=lf for shell scripts (#3755)
* ci: `.gitattributes` - Ensure `eol=lf` for shell scripts

- These files should always use LF for line endings during a checkout.
- `Dockerfile` does not like building with HereDoc `RUN` scripts that expect LF.
2024-01-08 09:34:24 +13:00
Casper 0eb4ac7714
tests: Replace wc -l with grep -c (#3752) 2024-01-06 17:07:00 +01:00
Brennan Kinney 6082d5f8d0
chore: Disable smtputf8 support in config directly (#3750)
* chore: Disable `smtputf8` support in config

This was always configured disabled at runtime, better to just set explicitly in `main.cf` unless config diverges when Dovecot is enabled to opt-out of this feature.
2024-01-05 23:18:30 +01:00
Georg Lauterbach 04f4ae4569
Rspamd: add custom symbol scores for SPF, DKIM & DMARC (#3726) 2024-01-05 09:07:31 +01:00
Georg Lauterbach 8f391e4d5a
release: v13.2.0 (#3746)
* bump `VERSION` & adjust `CHANGELOG.md`

* chore: Bump the unreleased base compare tag in `CHANGELOG.md`

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-04 22:14:51 +01:00
Georg Lauterbach bf69ef248e
Postfix: add smtpd_data_restrictions = reject_unauth_pipelining (#3744)
* add `smtpd_data_restrictions = reject_unauth_pipelining`

* fix: Skip restriction if trusted

* add changelog entry

* revert change to `postfix-amavis.cf`

* Update CHANGELOG.md

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-04 22:13:13 +01:00
Georg Lauterbach 25c7024cc4
security(Postfix): Protect against "SMTP Smuggling" attack (#3727)
View `CHANGELOG.md` entry and PR for details.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-03 14:02:59 +13:00
Georg Lauterbach 9e81517fe3
tests: Use swaks instead of nc for sending mail (#3732)
See associated `CHANGELOG.md` entry for details.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-03 13:17:54 +13:00
Brennan Kinney 0889b0ff06
fix: supervisor-app.conf - Correct the log location for postgrey (#3724)
* fix: `supervisor-app.conf` - Correct `postgrey` log location

Looks like this should have been like every other service and reference a log file(s) based on program name in the supervisor log directory.

* tests: Adjust log location for `postgrey_enabled.bats`
2023-12-30 09:59:09 +13:00
Georg Lauterbach 8392e3c1a8
release: v13.1.0 (#3720)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-12-29 13:58:54 +01:00
Brennan Kinney 72517d3f82
docs: Debugging - Delivery failure from service downtime (#3718)
* docs: Debugging - Delivery failure from service downtime

Services may be temporarily down, such as when restarted when certificates are updated due to the `check-for-changes.sh` service. This is another known source of intermittent delivery failures.
2023-12-26 09:53:32 +13:00
Casper 3adb53eb12
Remove sed statement (#3715) 2023-12-20 13:43:32 +13:00
Brennan Kinney 226ec847a4
ci: Remove VERSION from Dockerfile (#3711)
* ci: Remove `VERSION` from `Dockerfile`

This line was meant to be dropped with the switch to using the `DMS_RELEASE` ENV.
2023-12-19 08:35:16 +00:00
github-actions[bot] 6a56c7e749
docs: update CONTRIBUTORS.md (#3704)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-12-19 06:01:25 +00:00
Brennan Kinney 03052a65b8
ci: Allow lint workflow to be manually triggered (#3714)
* ci: Allow lint workflow to be manually triggered

Without this a different event must occur to trigger the workflow, which is inconvenient for automated PRs.
2023-12-19 18:59:59 +13:00
Brennan Kinney ca2c53dde7
ci: Avoiding linting CONTRIBUTORS.yml (#3705)
The file is managed by the `contributors.yml` workflow, no need for linting to be triggered on PRs for that change.

This should ideally skip the required check status for the lint workflow which cannot trigger implicitly for automated PRs. If this doesn't work the change should be reverted.
2023-12-19 14:41:07 +13:00
Brennan Kinney 5908d9f060
tests(refactor): Dovecot quotas (#3068)
* chore: Extract out Dovecot Quota test cases into new test file

Test cases are just cut + paste, no logic changed there yet.

* chore: Rename test case descriptions

* chore: Use `setup ...` methods instead of direct calls

* chore: Adjust `_run_in_container_bash` to `_run_in_container`

Plus some additional bug fixes in the disabled test case

* tests(refactor): Revise ENV test cases for max mailbox and message sizes

* tests(refactor): Revise ENV test cases for mailbox and message limits v2

Removes the extra variables and filtering in favour of explicit values instead of matching for comparison.

- Easier at a glance to know what is actually expected.
- Additionally reworks the quota limit checks in other test cases. Using a different formatter for `doveadm` is easier to match the desired value (`Limit`).

* chore: Sync improvement from `tests.bats` master

---

NOTE: This PR has been merged to avoid additional maintenance burden without losing the improvements. It was not considered complete, but remaining tasks were not documented in the PR.
2023-12-19 14:33:38 +13:00
dependabot[bot] ee87291225
chore(deps): Bump dawidd6/action-download-artifact from 2 to 3 (#3707) 2023-12-19 01:29:15 +01:00
dependabot[bot] 5015dc80b1
chore(deps): Bump actions/upload-artifact from 3 to 4 (#3708) 2023-12-19 00:16:38 +01:00
dependabot[bot] b9f7ff86de
chore(deps): Bump docker/metadata-action from 5.3.0 to 5.4.0 (#3710)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5.3.0...v5.4.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 15:50:56 +01:00
dependabot[bot] 083e464084
chore(deps): Bump github/codeql-action from 2 to 3 (#3709) 2023-12-18 14:05:37 +01:00
Casper 98a4c13ca9
Add ENV ENABLE_IMAP (#3703) 2023-12-18 12:26:28 +01:00
dependabot[bot] bbed3f6608
chore(deps): Bump actions/stale from 8 to 9 (#3696) 2023-12-11 21:36:30 +01:00
René Plötz 2f5dfed726
fix: Only set virtual_mailbox_maps to texthash when using the FILE account provisioner (#3693)
Signed-off-by: René Plötz <reneploetz@users.noreply.github.com>
2023-12-11 10:22:31 +13:00
github-actions[bot] bc9172fa74
docs: updated CONTRIBUTORS.md (#3691) 2023-12-10 21:08:19 +01:00
Casper d3b4e94d06
update-check: fix 'read' exit status (#3688)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-12-08 01:20:17 +01:00
Peter Adam 77917f5cc6
scripts: Install arm64 rspamd from official repository (#3686)
* scripts: Install rspamd from official repository instead of debian backports on arm64 architecture

* Remove unnecessary deb-src repository for rspamd

* Remove note about ARM64 rspamd version, update CHANGELOG.md

---------

Co-authored-by: Peter Adam <p.adam@cygnusnetworks.de>
2023-12-07 23:45:02 +01:00
Casper 908d38047c
scripts: add warning when update-check is enabled, but no stable release image is used (#3684) 2023-12-05 20:42:30 +00:00
Brennan Kinney c75975d59e
chore: Postfix should integrate Dovecot at runtime (#3681)
* chore: Better establish startup scope

* chore: Configure `main.cf` for Dovecot at runtime
2023-12-05 17:16:39 +13:00
dependabot[bot] 1ff8d57ea1
chore(deps): Bump anchore/scan-action from 3.3.7 to 3.3.8 (#3682)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 20:34:20 +00:00
dependabot[bot] 7ce745a82d
chore(deps): Bump docker/metadata-action from 5.0.0 to 5.3.0 (#3683)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 21:32:49 +01:00
Brennan Kinney 01689ab788
docs: Troubleshooting - Bare domain misconfiguration (#3680) 2023-12-03 23:22:43 +01:00