Georg Lauterbach
dd5c0b003a
removing debug trace
2020-11-05 12:40:24 +01:00
Georg Lauterbach
5365e7f0f8
fixes #1677
2020-11-05 11:41:18 +01:00
Georg Lauterbach
f0105f6d47
Merge pull request #1613 from martin-schulze-vireso/feature/extract_even_more_tests
2020-10-28 11:16:15 +01:00
Charles Harris
451bbfdf40
silence errorneous output when not generating reports ( #1657 )
...
* silence errorneous output when not generating reports
* remove incorrect variable assignment
* change error messages and logic when reports turned off
* changing warn -> inf
Co-authored-by: Charles Harris
Co-authored-by: Georg Lauterbach
2020-10-21 19:45:47 +02:00
Georg Lauterbach
da8171388f
Complete Refactor for target/bin
( #1654 )
...
* documentation and script updates trying to fix #1647
* preparations for refactoring target/bin/
* complete refactor for target/bin/
* changing script output slightly
* outsourcing functions in `bin-helper.sh`
* re-wrote linting to allow for proper shellcheck -x execution
* show explanation for shellcheck ignore
* adding some more information
2020-10-21 18:16:32 +02:00
Georg Lauterbach
0ada57d87c
Documentation and Script Updates trying to fix #1647 ( #1653 )
...
* documentation and script updates trying to fix #1647
* re-trigger tests
* removing unnecessary rm statements
* re-trigger tests
2020-10-21 16:00:35 +02:00
Martin Schulze
1bd1fd3b32
Merge remote-tracking branch 'tvial/master' into feature/extract_even_more_tests
2020-10-20 13:19:15 +02:00
Georg Lauterbach
d5543b21c4
Correction for LINE variable
2020-10-19 16:29:25 +02:00
Georg Lauterbach
6bff929b13
Merge pull request #1 from martin-schulze-vireso/feature/extract_even_more_tests
...
Feature/extract even more tests
2020-10-18 15:25:50 +02:00
Casper
90778de19d
Quotes removed to have a uniform style
2020-10-17 22:17:59 +02:00
Martin Schulze
c46edee8f9
Mark the end of restarts due to changes by moving the checksum file
2020-10-17 02:04:30 +02:00
Georg Lauterbach
94c2a68bd5
Updated submodule target/docker-configomat
2020-10-11 19:41:53 +02:00
Georg Lauterbach
916ef571b9
Miscellaneous cleanup / housekeeping ( #1641 )
2020-10-06 14:45:55 +02:00
Georg Lauterbach
177d24feab
streamlined all scripts (now completely adhering to the contributing guidelines)
2020-10-02 15:45:57 +02:00
Sergey Nazaryev
84dbf4a7b4
Merge pull request #1634 from 3ap/master
...
fix: use self-signed cert for dovecot
2020-10-01 22:32:15 +02:00
Georg Lauterbach
1d18cb81fb
possible fix for tomav#1383
2020-09-28 11:42:50 +02:00
Georg Lauterbach
8e8671bb42
added option to use non-default network-interface, resolves #1227 ( #1621 )
...
* added option to use non-default network-interface (#1227 )
* minor (stylistic) changes
* properly working with Bash arrays for CONTAINER_NETWORKS
* cleanup to trigger rebuild
* added CODE_OF_CONDUCT to trigger rebuild
2020-09-26 15:11:52 +02:00
Georg Lauterbach
a0791ef457
formatting files according to standard ( #1619 )
...
* added EditorConfig linting
* adding `eclint` as Travis script target
* re-adjusted .pem files to have a newline
2020-09-24 14:54:21 +02:00
Casper
9f7414d95f
remove unnecessary use of cat
( #1616 )
2020-09-23 21:53:07 +02:00
Georg Lauterbach
566eaa0e13
complete refactoring for start-mailserver.sh
( #1605 )
...
* completely refactored `start-mailserver.sh`
* added braces; correctly formatted tabs / spaces
* included `start-mailserver` into shellcheck checks
* cleanup
* removed unnecessary shellcheck comments adding braces and "" where necessary
* corrected some mistakes in CONTRIBUTING
* Makefile now uses correct shellcheck
2020-09-23 10:21:37 +02:00
Georg Lauterbach
77520bf96f
adjusted coding style guidelines; added table of contents
2020-09-09 17:19:48 +02:00
Georg Lauterbach
323303431a
fixed shellcheck version
2020-09-08 19:49:19 +02:00
Georg Lauterbach
f7ca406ec9
fixing #1602 ; variable-brace-policy changed;
2020-09-06 12:27:40 +02:00
Georg Lauterbach
67e1e586c7
coherent renaming of functions
2020-09-05 16:53:36 +02:00
Georg Lauterbach
bf679a5504
changes from tomav#1599 without start-mailserver.sh
...
included all changes from the work on refactoring all scripts, but excluded one big script to make merging easier; replaced mapfile with read
2020-09-05 16:19:12 +02:00
mwnx
42352a3259
Update relayhost_map with virtual accounts too
...
Previously, only postfix-relaymap.cf and postfix-accounts.cf would be
used to populate the relayhost_map file.
Now, also use postfix-virtual.cf when present. To me, there is nothing
absurd about sending mail "From:" a virtual account (or more
specifically its domain) so it makes sense that when a $RELAY_HOST is
defined it should be used for virtual accounts as well.
2020-08-28 15:03:51 +02:00
mwnx
1286a1266b
Fix/refactor relayhost_map update when dynamically adding account
...
check-for-changes.sh did not have a special case to handle lines in
postfix-relaymap.cf consisting of only a domain (indicating that said
domain should never be relayed). This case is handled by
start-mailserver.sh so when such a line existed, things would work well
until a config file update was detected by check-for-changes.sh. After
that, the generated relayhost_map file would be corrupted.
Fixed by factoring a 'populate_relayhost_map' function out of
start-mailserver.sh and into helper_functions.sh and reusing it in
check-for-changes.sh.
Note: There are certainly quite a few more pieces of code that could be
refactored in a similar fashion.
Note2: check-for-changes.sh would previously never update the
relayhost_map file when $ENABLE_LDAP was set to 1. I don't think this
was intended —there is after all no such condition in
start-mailserver.sh— and so this condition no longer applies.
2020-08-28 15:03:51 +02:00
mwnx
2a70f33a4b
Fix checksum race condition in check-for-changes.sh
...
If a change to one of the tracked files happened soon after (<1 second?)
a previously detected change, it could end up going undetected. In
particular, this could cause integration tests to fail (see next
commits).
Fixed by computing the new checksum file _before_ checking for changes.
2020-08-28 14:57:43 +02:00
Erik Wramner
26cc0c49ca
Merge pull request #1573 from casperklein/patch-2
...
addalias: check if two arguments are given
2020-07-22 16:13:51 +02:00
Martin Wepner
821d88e93a
add break; remove empty print
2020-07-20 11:28:23 +02:00
Martin Wepner
6bd1fb568e
fix: extractCertsFromAcmeJson fails if "sans" not in Certificates.domain.main
2020-07-19 23:57:16 +02:00
Casper
398b1dd554
Merge pull request #2 from casperklein/patch-1
...
Small change to error message
2020-07-19 21:33:41 +02:00
Casper
2ffb0de1db
Small change to error message
2020-07-19 21:33:06 +02:00
Casper
79f6c88653
Merge pull request #1 from casperklein/patch-3
...
More detailed error message
2020-07-19 21:26:36 +02:00
Casper
11ab4a84a9
More detailed error message
2020-07-19 21:23:59 +02:00
Casper
7c0998f7fa
Check if second argument is given
2020-07-19 21:21:01 +02:00
Erik Wramner
f206ad7ee1
Merge pull request #1553 from MichaelSp/letsencrypt-traefik-acme-json
...
Letsencrypt traefik v2 acme json
2020-07-16 07:49:04 +02:00
guardiande
5c5c8eb814
Revert dummy change
2020-07-15 09:39:59 +02:00
guardiande
7189d4c63f
Dummy change to trigger travis
2020-07-15 09:12:14 +02:00
guardiande
76d3f7643a
Fix sasl_password generation to allow passwords containing hashes
2020-07-15 08:26:25 +02:00
Michael Sprauer
d61a8cd9c0
letsencrypt & traefik wildcard support
...
set SSL_DOMAIN=*.example.com to extract a wildcard certificate from traefiks acme.json store
2020-07-13 22:58:17 +02:00
Michael Sprauer
3a3cec6a8f
trigger reload if cert change
...
/etc/letsencrypt/live/$HOSTNAME/key.pem and /etc/letsencrypt/live/$HOSTNAME/fullchain.pem are watched and will trigger a reload if changed
2020-07-07 21:26:53 +02:00
Ben
2ee280dcb3
Update dovecot-ldap.conf.ext
...
add auth_bind = no so that it can be overridden via the env-mailserver file used by docker compose. This is related to #1526
2020-07-04 11:50:25 -07:00
Michael Sprauer
32c732e276
certificates from acme.json
...
Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix.
Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
2020-06-30 22:43:22 +02:00
Erik Wramner
df4e04f033
Merge pull request #1547 from MrFreezeex/master
...
Fix dovecot variable with whitespace
2020-06-28 11:02:58 +02:00
Gio
d888dbcf7f
Fix typo
2020-06-27 23:07:17 -05:00
Arthur Outhenin-Chalandre
c7f9fbd439
Fix dovecot variable with whitespace
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-06-27 11:17:25 +02:00
Casper
c359521121
Typo fixed
2020-06-14 04:39:34 +02:00
Nicholas Pepper
1b659a5574
Modified letsencrypt support to add domain name checking in addition to
...
hostname checking. Added necessary tests and renamed original manual
ssl test to a name that supports adding the other SSL tests.
2020-05-15 04:52:26 +00:00
youtous
04059cd618
MAIL-8818 - Postfix information leakage
...
To prevent announcing software or version to malicious people or scripts, it is advised to hide such information.
This information is provided as part of the Lynis community project. It is related to Lynis control MAIL-8818 and should be considered as-is and without guarantees.
https://cisofy.com/lynis/controls/MAIL-8818/
2020-05-10 16:04:53 +02:00
youtous
d0f7257333
support comments in .cf files
2020-05-06 22:59:55 +02:00
youtous
32d16084ec
sieve scripts using alphabetical order
2020-05-04 16:13:47 +02:00
youtous
92414b7eba
sieve after/before use folder instead of individual listing
...
Loading sieve scripts using a directory scheme permits to handle multi scripts wtihout defining individual sieve_before/sieve_after
2020-05-04 00:27:29 +02:00
youtous
30262128f4
raise a warning when SPAMASSASSIN_SPAM_TO_INBOX isn't explicitly defined
2020-05-03 10:33:50 +02:00
youtous
d829905cf7
init spams to junk
2020-05-03 10:33:28 +02:00
Erik Wramner
23eb7c42ab
Merge pull request #1481 from youtous/fix-sieve-folder
...
Prevent sieve symlink to be evaluated as a directory by dovecot
2020-05-02 08:09:09 +02:00
Erik Wramner
0537c6f046
Merge pull request #1482 from youtous/feature-quota-optional
...
Feature quota optional.
2020-05-02 08:07:38 +02:00
youtous
16cd4f9d2d
Reduce opportunities for a potential CPU exhaustion attack with NO_RENEGOTIATION
...
See https://en.wikipedia.org/wiki/Resource_exhaustion_attack
2020-05-02 00:04:05 +02:00
youtous
0c838706d0
Option to disable dovecot quota
2020-05-01 23:42:21 +02:00
youtous
e8581be2d3
Prevent sieve symlink to be evaluated as a directory by dovecot
2020-05-01 23:20:15 +02:00
youtous
3aeacef125
remove start-mailserver nested conditions dovecot quota
2020-04-30 16:11:45 +02:00
youtous
d45e6b1c22
#fix 1478
2020-04-30 12:47:12 +02:00
Erik Wramner
35f473ad12
Merge pull request #1474 from polarathene/chore/remove-obsolete-param-usetls
...
chore: Remove obsolete postfix parameter `smtpd_use_tls`
2020-04-30 08:02:11 +02:00
Brennan Kinney
76594c21c4
Add note about tls_ssl_options = NO_COMPRESSION
...
[Postfix docs](http://www.postfix.org/postconf.5.html#tls_ssl_options ):
> Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security.
[Postfix mailing list discussion](http://postfix.1071664.n5.nabble.com/patch-mitigate-CRIME-attack-td57978.html ):
> The CRIME attack does not apply to SMTP, because unlike SMTP, there is no javascript in SMTP clients that makes them send thousands of email messages with chosen plaintext compressed together in the same packet with SASL credentials or other sensitive data.
> The auditor completely failed to take the context into account.
[Mailing list discussion of potential compression CRIME-like attack](https://lists.cert.at/pipermail/ach/2014-December/001660.html )
> keeping compression disabled is a good idea.
If you need a good test score, PCI compliance will likely flag compression despite not having any known risk with non-HTTP TLS.
2020-04-29 19:41:08 +12:00
Brennan Kinney
e7de9bceaf
chore: Remove obsolete postfix parameter smtpd_use_tls
...
See: http://www.postfix.org/postconf.5.html#smtpd_tls_security_level
> this overrides the obsolete parameters `smtpd_use_tls` and `smtpd_enforce_tls`.
2020-04-27 23:24:26 +12:00
youtous
03b8f87ffc
update dovecot conf comment
2020-04-26 22:23:51 +02:00
youtous
47fac2706f
use ffdhe4096 for DHE params
...
use by default ffdhe4096 for DHE params
use by default ffdhe4096 for DHE params
2020-04-26 22:23:51 +02:00
youtous
f60de0c66e
init tests cases ffdhe4096
2020-04-26 22:23:51 +02:00
youtous
2527ebfaf2
added dovecot quota feature
...
add postfix service quota check
check-for-changes on quotas
setquota command
fix checkforchanges quota
addquota verify user exists
add setquota in setup.sh
merging addquota into setquota
test quota commands
add ldap tests for dovecot quota
fix smtp only quota postfix rules
test postfix conf
add quota test integration
add quota exceeded test
add wait analyze
fix tests
fix setup typo
add test fixes
fix error output
wip
update startup rules
fix setup
fix setup tests
fix output commands
remove quota on remove user
try to fix sync limit mails
check if file exists
fix path
change used quota user
fix post size
check if quota file exists
update tests
configure virtualmailbox limit for dovecot
last fix
fix quota expr
relax dovecot tests
auto create dovecot-quotas
fix dovecot apply quota test
wip quota warning
trying to fix get dovadm quota
dovecot applies fix
fix quota warning lda path
test count mail on quota
fix quota warning permissiosn
fix test
2020-04-24 14:56:15 +02:00
Nils Knappmeier
370d08fd33
fail2ban: use filter.d/dovecot.conf from distribution
...
closes #972
2020-04-10 22:21:40 +02:00
Erik Wramner
73b8d65dd3
Merge next into master
2020-04-05 09:28:22 +02:00
Erik Wramner
04777fdb89
Merge pull request #1435 from Drakulix/master
...
amavis: fix config permission
2020-04-05 08:43:47 +02:00
Christian Glahn
ff1248eeee
activate shortcircuit plugin, fixes #1442
2020-03-31 17:09:23 +02:00
Jairo Llopis
a00dced8bc
Allow to set comfortably inet_protocols
...
Setting `inet_protocols = ipv4` is almost a requirement when running behind Docker. Provide a way to make it easy.
@Tecnativa TT22925
2020-03-25 21:43:29 +01:00
Victor Brekenfeld
c491496b6e
avavis fix config permission
2020-03-24 15:43:35 +01:00
Erik Wramner
142b98a209
Merge pull request #1427 from Tecnativa/inet-protocols
...
Allow to set comfortably inet_protocols
2020-03-22 08:56:55 +01:00
Germain Masse
ce41f60888
Move filebeat to its own container
2020-03-20 17:56:18 +01:00
Jairo Llopis
ab22450364
Allow to set comfortably inet_protocols
...
Setting `inet_protocols = ipv4` is almost a requirement when running behind Docker. Provide a way to make it easy.
@Tecnativa TT22925
2020-03-19 08:35:25 +00:00
Wandrille RONCE
d148eeddfb
Add an option to place spam in the inbox, and then sort the mail by a sieve rule for example
2020-03-16 18:47:24 +01:00
Robert Pufky
d3f7c56cdf
Fix broken fail2ban dovecot filter; use <HOST> instead of undocumented feature.
...
* Replace deprecated, undocumented fail2ban feature "(\P<host>\S*)" with
supported host match "<HOST>".
* Fixes "No failure-id group in '(?: pop3-login|ima ..." fail2ban dovecot filter
error message.
* See: https://github.com/fail2ban/fail2ban/issues/2130
2020-03-16 18:45:22 +01:00
Wandrille RONCE
90951876cd
Add an option to place spam in the inbox, and then sort the mail by a sieve rule for example
2020-03-15 17:51:12 +01:00
Robert Pufky
a82caf5d9b
Fix broken fail2ban dovecot filter; use <HOST> instead of undocumented feature.
...
* Replace deprecated, undocumented fail2ban feature "(\P<host>\S*)" with
supported host match "<HOST>".
* Fixes "No failure-id group in '(?: pop3-login|ima ..." fail2ban dovecot filter
error message.
* See: https://github.com/fail2ban/fail2ban/issues/2130
2020-02-01 14:57:03 -08:00
Erik Wramner
f342151b80
Fixed several amavis tests and removed commented code
2020-01-26 16:39:58 +01:00
Erik Wramner
a208748ea2
Configure amavis with D_BOUNCE for spam
2020-01-26 08:34:40 +01:00
Erik Wramner
85ae8a1471
Fix fail2ban issues and install some suggested amavis packages
2020-01-25 15:33:06 +01:00
Erik Wramner
91b2c9834e
Upgrade to buster and remove filebeat
2020-01-25 15:33:06 +01:00
Torben Weibert
ca16307729
Added -f flag to chmod command to suppress error when no sieve-pipe scripts exist
2020-01-21 22:18:00 +01:00
Torben Weibert
70d87f5119
Add executable flag for scripts in /usr/lib/dovecot/sieve-pipe
2020-01-21 18:18:16 +01:00
Erik Wramner
ae2aa6eeb4
Merge pull request #1372 from phish108/shortcircuit-bayes-99-mini
...
activate SA shortcircuit features via env, fixes #1118 (again)
2020-01-15 07:28:00 +01:00
Lukas Elsner
35df764107
fix clamav issue in logwatch
2020-01-13 17:58:34 -05:00
Christian Glahn
b8726b80a4
activate SA shortcircuit features via env, fixes #1118
2020-01-13 14:22:14 +01:00
Erik Wramner
d847be2d5a
Merge pull request #1331 from Tecnativa/srs-sender-classes
...
Allow to configure SRS sender classes easily
2019-12-06 07:22:46 +01:00
Jairo Llopis
7f1bc8f8b3
Avoid infinite failure log in Amavis with SMTP_ONLY=1
...
Fix #801 by simply touching the file if it doesn't exist.
@Tecnativa TT20505
2019-12-03 13:43:43 +00:00
Jairo Llopis
42348ff353
Allow to configure SRS sender classes easily
...
This will allow to forward safely any email from any host, no matter how strict their SPF policy is, by setting `SRS_SENDER_CLASSES=envelope_sender,header_sender`.
@Tecnativa TT20505
2019-12-03 13:33:51 +00:00
Erik Wramner
da1287c1a5
Changed wrong set options in pflogsumm cron job
2019-12-01 09:19:47 +01:00
Erik Wramner
c882d95deb
Merge pull request #1284 from vortex852456/master
...
Added optional file user-patches.sh for own patches without recompiling
2019-11-09 15:13:06 +01:00
Germain Masse
36afac7726
New option DOVECOT_MAILBOX_FORMAT
2019-11-04 15:49:29 +00:00
Germain Masse
e465e659ad
Remove unnecessary maildir folders creation
2019-11-01 20:04:37 +00:00
Erik Wramner
37e0082cd7
Set expected permissions in log #1300
2019-10-27 09:22:16 +01:00
Vortex
c30c3bf5de
moved user_patches from misc to nearly the end of setups
2019-10-16 18:56:06 +02:00