Brennan Kinney
76594c21c4
Add note about tls_ssl_options = NO_COMPRESSION
...
[Postfix docs](http://www.postfix.org/postconf.5.html#tls_ssl_options ):
> Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security.
[Postfix mailing list discussion](http://postfix.1071664.n5.nabble.com/patch-mitigate-CRIME-attack-td57978.html ):
> The CRIME attack does not apply to SMTP, because unlike SMTP, there is no javascript in SMTP clients that makes them send thousands of email messages with chosen plaintext compressed together in the same packet with SASL credentials or other sensitive data.
> The auditor completely failed to take the context into account.
[Mailing list discussion of potential compression CRIME-like attack](https://lists.cert.at/pipermail/ach/2014-December/001660.html )
> keeping compression disabled is a good idea.
If you need a good test score, PCI compliance will likely flag compression despite not having any known risk with non-HTTP TLS.
2020-04-29 19:41:08 +12:00
Brennan Kinney
e7de9bceaf
chore: Remove obsolete postfix parameter smtpd_use_tls
...
See: http://www.postfix.org/postconf.5.html#smtpd_tls_security_level
> this overrides the obsolete parameters `smtpd_use_tls` and `smtpd_enforce_tls`.
2020-04-27 23:24:26 +12:00
Erik Wramner
b168b73910
Merge pull request #1469 from youtous/pr-quota-feature
...
Feature: quota per mailbox
2020-04-26 18:03:23 +02:00
youtous
bdcf5e0cf1
fix send mail test quota
...
fix quota warning test: wait for postfix to be UP
increase postfix restart delay
2020-04-24 19:03:27 +02:00
youtous
2e149b74c2
fix async quota tests
2020-04-24 17:03:09 +02:00
youtous
04de46dc41
test quota reached
2020-04-24 15:53:44 +02:00
youtous
2527ebfaf2
added dovecot quota feature
...
add postfix service quota check
check-for-changes on quotas
setquota command
fix checkforchanges quota
addquota verify user exists
add setquota in setup.sh
merging addquota into setquota
test quota commands
add ldap tests for dovecot quota
fix smtp only quota postfix rules
test postfix conf
add quota test integration
add quota exceeded test
add wait analyze
fix tests
fix setup typo
add test fixes
fix error output
wip
update startup rules
fix setup
fix setup tests
fix output commands
remove quota on remove user
try to fix sync limit mails
check if file exists
fix path
change used quota user
fix post size
check if quota file exists
update tests
configure virtualmailbox limit for dovecot
last fix
fix quota expr
relax dovecot tests
auto create dovecot-quotas
fix dovecot apply quota test
wip quota warning
trying to fix get dovadm quota
dovecot applies fix
fix quota warning lda path
test count mail on quota
fix quota warning permissiosn
fix test
2020-04-24 14:56:15 +02:00
Erik Wramner
6cb3069c60
Merge pull request #1467 from casperklein/patch-1
...
rsyslog logrotate warning fixed
2020-04-23 14:16:57 +02:00
Casper
ccd838c027
rsyslog logrotate warning fixed
...
Fix for https://github.com/tomav/docker-mailserver/issues/1465
2020-04-23 00:39:56 +02:00
Erik Wramner
e85f3074fb
Merge pull request #1462 from casperklein/patch-1
...
AllowSupplementaryGroups change removed.
2020-04-22 21:44:36 +02:00
Casper
b21e14a1c2
AllowSupplementaryGroups change removed
...
1. "AllowSupplementaryGroups false" is no longer present in /etc/clamav/clamd.conf, therefore the command does not work anymore.
2. Since Clamd 0.100.0, "AllowSupplementaryGroups" is deprecated. See: https://blog.clamav.net/2018/04/clamav-01000-has-been-released.html
"Deprecation of the AllowSupplementaryGroups parameter statement in clamd, clamav-milter, and freshclam. Use of supplementary is now in effect by default."
2020-04-20 21:11:17 +02:00
Erik Wramner
8834242fc3
Merge pull request #1458 from casperklein/patch-1
...
Cleanup obsolete file removal
2020-04-20 11:20:37 +02:00
Casper
78fd5b8760
-f option removed from rm commands
...
Let build fail, if file does not exist.
2020-04-19 11:39:43 +02:00
Casper
5d79e56bf0
Cleanup obsolete file removal
...
`/etc/cron.weekly/fstrim` does not exist, so no need to remove it.
2020-04-18 13:09:50 +02:00
Erik Wramner
df26d35695
Merge pull request #1450 from casperklein/patch-1
...
Upgrade packages, Debian base image not updated often enough.
2020-04-12 08:31:40 +02:00
Casper
d56a0f86d5
hadolint ignore 3005 added
2020-04-12 03:18:08 +02:00
Erik Wramner
d92f0e2199
Merge pull request #1451 from erik-wramner/fix_792_error_mail
...
Fix error #792 in logrotate
2020-04-11 10:16:15 +02:00
Erik Wramner
e8a0cdc556
Fix error #792 in logrotate
2020-04-11 09:59:07 +02:00
Erik Wramner
fba3d785ae
Merge pull request #1424 from nknapp/master
...
Use upstream rules for dovecot fail2ban.
2020-04-11 09:33:30 +02:00
Nils Knappmeier
370d08fd33
fail2ban: use filter.d/dovecot.conf from distribution
...
closes #972
2020-04-10 22:21:40 +02:00
Casper
7e96ebe8b9
Upgrade packages
...
Some packages from the base image are upgradable. For example, that's the case for `libgnutls30` at the moment.
2020-04-10 12:47:58 +02:00
Erik Wramner
c24612e992
Removed commented lines
2020-04-05 12:01:57 +02:00
Erik Wramner
e81704483e
Merge pull request #1447 from erik-wramner/next_to_master
...
Merge next branch with Debian Buster into master.
2020-04-05 11:33:51 +02:00
Erik Wramner
73b8d65dd3
Merge next into master
2020-04-05 09:28:22 +02:00
Erik Wramner
04777fdb89
Merge pull request #1435 from Drakulix/master
...
amavis: fix config permission
2020-04-05 08:43:47 +02:00
Erik Wramner
bf3f7ed483
Merge pull request #1443 from phish108/issue_1442
...
activate shortcircuit plugin if requested, fixes #1442
2020-04-05 08:39:54 +02:00
Erik Wramner
cc25f1d6a2
Merge pull request #1445 from casperklein/patch-2
...
"connected-networks" info added
2020-04-03 08:00:20 +02:00
Casper
743e88e148
"connected-networks" info added
2020-04-02 23:50:10 +02:00
Christian Glahn
ff1248eeee
activate shortcircuit plugin, fixes #1442
2020-03-31 17:09:23 +02:00
Jairo Llopis
a00dced8bc
Allow to set comfortably inet_protocols
...
Setting `inet_protocols = ipv4` is almost a requirement when running behind Docker. Provide a way to make it easy.
@Tecnativa TT22925
2020-03-25 21:43:29 +01:00
Victor Brekenfeld
c491496b6e
avavis fix config permission
2020-03-24 15:43:35 +01:00
Erik Wramner
b435c3866c
Merge pull request #1409 from casperklein/patch-2
...
Missing options from README.md added.
2020-03-22 08:57:51 +01:00
Erik Wramner
142b98a209
Merge pull request #1427 from Tecnativa/inet-protocols
...
Allow to set comfortably inet_protocols
2020-03-22 08:56:55 +01:00
Erik Wramner
10cac7e755
Merge pull request #1433 from gmasse/elk-update
...
Update ELK container
2020-03-22 08:55:05 +01:00
Erik Wramner
fdf86eafe8
Merge pull request #1434 from gmasse/filebeat-in-container
...
Filebeat in its own container
2020-03-22 08:45:47 +01:00
Germain Masse
ce41f60888
Move filebeat to its own container
2020-03-20 17:56:18 +01:00
Germain Masse
03a095ea4d
Bump to ELK 7.6.1
2020-03-19 15:24:26 +01:00
Germain Masse
2a7e3b861f
Support GeoIP license number in ELK Dockerfile
2020-03-19 15:22:31 +01:00
Jairo Llopis
ab22450364
Allow to set comfortably inet_protocols
...
Setting `inet_protocols = ipv4` is almost a requirement when running behind Docker. Provide a way to make it easy.
@Tecnativa TT22925
2020-03-19 08:35:25 +00:00
Wandrille RONCE
d148eeddfb
Add an option to place spam in the inbox, and then sort the mail by a sieve rule for example
2020-03-16 18:47:24 +01:00
Rainer Rillke
bcb7f40260
README, env file: Warn about open relay configuration
...
Addresses: #1405
2020-03-16 18:46:57 +01:00
Casper
30c57b944b
Allow calling setup.sh from other scripts
...
Calling setup.sh from other scripts fails, for example when adding a new mailbox:
the input device is not a TTY
2020-03-16 18:46:44 +01:00
Robert Pufky
d3f7c56cdf
Fix broken fail2ban dovecot filter; use <HOST> instead of undocumented feature.
...
* Replace deprecated, undocumented fail2ban feature "(\P<host>\S*)" with
supported host match "<HOST>".
* Fixes "No failure-id group in '(?: pop3-login|ima ..." fail2ban dovecot filter
error message.
* See: https://github.com/fail2ban/fail2ban/issues/2130
2020-03-16 18:45:22 +01:00
Erik Wramner
33d0f0f64d
Updated readme with announcement
2020-03-16 18:38:28 +01:00
Erik Wramner
f2c9424828
Merge pull request #1407 from casperklein/patch-1
...
Allow calling setup.sh from other scripts by using tty command.
2020-03-16 17:02:18 +01:00
Erik Wramner
e59859cfe5
Merge pull request #1431 from VanVan/master
...
Add an option to place spam in the inbox, and then sort the mail by a sieve rule (not included).
2020-03-16 16:51:08 +01:00
Wandrille RONCE
90951876cd
Add an option to place spam in the inbox, and then sort the mail by a sieve rule for example
2020-03-15 17:51:12 +01:00
Erik Wramner
c075a0e436
Merge pull request #1415 from Rillke/rr/2020/openRelayWarning
...
README, env file: Warn about open relay configuration
2020-03-02 07:57:42 +01:00
Rainer Rillke
43df48cb06
README, env file: Warn about open relay configuration
...
Addresses: #1405
2020-03-01 19:51:16 +01:00
Casper
6b21e637a5
Missing options from README.md added.
2020-02-22 23:36:14 +01:00