youtous
0c838706d0
Option to disable dovecot quota
2020-05-01 23:42:21 +02:00
youtous
e8581be2d3
Prevent sieve symlink to be evaluated as a directory by dovecot
2020-05-01 23:20:15 +02:00
youtous
3aeacef125
remove start-mailserver nested conditions dovecot quota
2020-04-30 16:11:45 +02:00
youtous
d45e6b1c22
#fix 1478
2020-04-30 12:47:12 +02:00
Erik Wramner
35f473ad12
Merge pull request #1474 from polarathene/chore/remove-obsolete-param-usetls
...
chore: Remove obsolete postfix parameter `smtpd_use_tls`
2020-04-30 08:02:11 +02:00
Brennan Kinney
76594c21c4
Add note about tls_ssl_options = NO_COMPRESSION
...
[Postfix docs](http://www.postfix.org/postconf.5.html#tls_ssl_options ):
> Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security.
[Postfix mailing list discussion](http://postfix.1071664.n5.nabble.com/patch-mitigate-CRIME-attack-td57978.html ):
> The CRIME attack does not apply to SMTP, because unlike SMTP, there is no javascript in SMTP clients that makes them send thousands of email messages with chosen plaintext compressed together in the same packet with SASL credentials or other sensitive data.
> The auditor completely failed to take the context into account.
[Mailing list discussion of potential compression CRIME-like attack](https://lists.cert.at/pipermail/ach/2014-December/001660.html )
> keeping compression disabled is a good idea.
If you need a good test score, PCI compliance will likely flag compression despite not having any known risk with non-HTTP TLS.
2020-04-29 19:41:08 +12:00
Brennan Kinney
e7de9bceaf
chore: Remove obsolete postfix parameter smtpd_use_tls
...
See: http://www.postfix.org/postconf.5.html#smtpd_tls_security_level
> this overrides the obsolete parameters `smtpd_use_tls` and `smtpd_enforce_tls`.
2020-04-27 23:24:26 +12:00
youtous
03b8f87ffc
update dovecot conf comment
2020-04-26 22:23:51 +02:00
youtous
47fac2706f
use ffdhe4096 for DHE params
...
use by default ffdhe4096 for DHE params
use by default ffdhe4096 for DHE params
2020-04-26 22:23:51 +02:00
youtous
f60de0c66e
init tests cases ffdhe4096
2020-04-26 22:23:51 +02:00
youtous
2527ebfaf2
added dovecot quota feature
...
add postfix service quota check
check-for-changes on quotas
setquota command
fix checkforchanges quota
addquota verify user exists
add setquota in setup.sh
merging addquota into setquota
test quota commands
add ldap tests for dovecot quota
fix smtp only quota postfix rules
test postfix conf
add quota test integration
add quota exceeded test
add wait analyze
fix tests
fix setup typo
add test fixes
fix error output
wip
update startup rules
fix setup
fix setup tests
fix output commands
remove quota on remove user
try to fix sync limit mails
check if file exists
fix path
change used quota user
fix post size
check if quota file exists
update tests
configure virtualmailbox limit for dovecot
last fix
fix quota expr
relax dovecot tests
auto create dovecot-quotas
fix dovecot apply quota test
wip quota warning
trying to fix get dovadm quota
dovecot applies fix
fix quota warning lda path
test count mail on quota
fix quota warning permissiosn
fix test
2020-04-24 14:56:15 +02:00
Nils Knappmeier
370d08fd33
fail2ban: use filter.d/dovecot.conf from distribution
...
closes #972
2020-04-10 22:21:40 +02:00
Erik Wramner
73b8d65dd3
Merge next into master
2020-04-05 09:28:22 +02:00
Erik Wramner
04777fdb89
Merge pull request #1435 from Drakulix/master
...
amavis: fix config permission
2020-04-05 08:43:47 +02:00
Christian Glahn
ff1248eeee
activate shortcircuit plugin, fixes #1442
2020-03-31 17:09:23 +02:00
Jairo Llopis
a00dced8bc
Allow to set comfortably inet_protocols
...
Setting `inet_protocols = ipv4` is almost a requirement when running behind Docker. Provide a way to make it easy.
@Tecnativa TT22925
2020-03-25 21:43:29 +01:00
Victor Brekenfeld
c491496b6e
avavis fix config permission
2020-03-24 15:43:35 +01:00
Erik Wramner
142b98a209
Merge pull request #1427 from Tecnativa/inet-protocols
...
Allow to set comfortably inet_protocols
2020-03-22 08:56:55 +01:00
Germain Masse
ce41f60888
Move filebeat to its own container
2020-03-20 17:56:18 +01:00
Jairo Llopis
ab22450364
Allow to set comfortably inet_protocols
...
Setting `inet_protocols = ipv4` is almost a requirement when running behind Docker. Provide a way to make it easy.
@Tecnativa TT22925
2020-03-19 08:35:25 +00:00
Wandrille RONCE
d148eeddfb
Add an option to place spam in the inbox, and then sort the mail by a sieve rule for example
2020-03-16 18:47:24 +01:00
Robert Pufky
d3f7c56cdf
Fix broken fail2ban dovecot filter; use <HOST> instead of undocumented feature.
...
* Replace deprecated, undocumented fail2ban feature "(\P<host>\S*)" with
supported host match "<HOST>".
* Fixes "No failure-id group in '(?: pop3-login|ima ..." fail2ban dovecot filter
error message.
* See: https://github.com/fail2ban/fail2ban/issues/2130
2020-03-16 18:45:22 +01:00
Wandrille RONCE
90951876cd
Add an option to place spam in the inbox, and then sort the mail by a sieve rule for example
2020-03-15 17:51:12 +01:00
Robert Pufky
a82caf5d9b
Fix broken fail2ban dovecot filter; use <HOST> instead of undocumented feature.
...
* Replace deprecated, undocumented fail2ban feature "(\P<host>\S*)" with
supported host match "<HOST>".
* Fixes "No failure-id group in '(?: pop3-login|ima ..." fail2ban dovecot filter
error message.
* See: https://github.com/fail2ban/fail2ban/issues/2130
2020-02-01 14:57:03 -08:00
Erik Wramner
f342151b80
Fixed several amavis tests and removed commented code
2020-01-26 16:39:58 +01:00
Erik Wramner
a208748ea2
Configure amavis with D_BOUNCE for spam
2020-01-26 08:34:40 +01:00
Erik Wramner
85ae8a1471
Fix fail2ban issues and install some suggested amavis packages
2020-01-25 15:33:06 +01:00
Erik Wramner
91b2c9834e
Upgrade to buster and remove filebeat
2020-01-25 15:33:06 +01:00
Torben Weibert
ca16307729
Added -f flag to chmod command to suppress error when no sieve-pipe scripts exist
2020-01-21 22:18:00 +01:00
Torben Weibert
70d87f5119
Add executable flag for scripts in /usr/lib/dovecot/sieve-pipe
2020-01-21 18:18:16 +01:00
Erik Wramner
ae2aa6eeb4
Merge pull request #1372 from phish108/shortcircuit-bayes-99-mini
...
activate SA shortcircuit features via env, fixes #1118 (again)
2020-01-15 07:28:00 +01:00
Lukas Elsner
35df764107
fix clamav issue in logwatch
2020-01-13 17:58:34 -05:00
Christian Glahn
b8726b80a4
activate SA shortcircuit features via env, fixes #1118
2020-01-13 14:22:14 +01:00
Erik Wramner
d847be2d5a
Merge pull request #1331 from Tecnativa/srs-sender-classes
...
Allow to configure SRS sender classes easily
2019-12-06 07:22:46 +01:00
Jairo Llopis
7f1bc8f8b3
Avoid infinite failure log in Amavis with SMTP_ONLY=1
...
Fix #801 by simply touching the file if it doesn't exist.
@Tecnativa TT20505
2019-12-03 13:43:43 +00:00
Jairo Llopis
42348ff353
Allow to configure SRS sender classes easily
...
This will allow to forward safely any email from any host, no matter how strict their SPF policy is, by setting `SRS_SENDER_CLASSES=envelope_sender,header_sender`.
@Tecnativa TT20505
2019-12-03 13:33:51 +00:00
Erik Wramner
da1287c1a5
Changed wrong set options in pflogsumm cron job
2019-12-01 09:19:47 +01:00
Erik Wramner
c882d95deb
Merge pull request #1284 from vortex852456/master
...
Added optional file user-patches.sh for own patches without recompiling
2019-11-09 15:13:06 +01:00
Germain Masse
36afac7726
New option DOVECOT_MAILBOX_FORMAT
2019-11-04 15:49:29 +00:00
Germain Masse
e465e659ad
Remove unnecessary maildir folders creation
2019-11-01 20:04:37 +00:00
Erik Wramner
37e0082cd7
Set expected permissions in log #1300
2019-10-27 09:22:16 +01:00
Vortex
c30c3bf5de
moved user_patches from misc to nearly the end of setups
2019-10-16 18:56:06 +02:00
Daniel Dobko
e441f1318a
Tests should work from now on
...
Merge branch 'user-patches.sh'
# Conflicts:
# config/user-patches.sh
# target/start-mailserver.sh
2019-10-08 21:55:46 +02:00
Undercover1989
275a83667a
base files
2019-10-08 21:22:12 +02:00
Undercover1989
0975b71d72
chown docker:docker /tmp/docker-mailserver/user-patches.sh
2019-10-08 19:24:01 +02:00
Undercover1989
b5c422c3c5
start user-patches.sh native instead of explicit using the bash-command
2019-10-08 15:08:01 +02:00
Undercover1989
b01071f52f
Added optional file ./config/user-patches.sh which is executed between configuration and starting daemons (misc-section)
2019-10-07 21:04:49 +02:00
Erik Wramner
5f9428fcf3
Set REPORT_RECIPIENT to postmaster when 0
2019-09-24 21:09:48 +02:00
Erik Wramner
b9515eae4c
Fix report_recipient bugs
2019-09-22 17:16:33 +02:00
Erik Wramner
008b8e6bce
Fix #1093 , pflogsumm and logwatch
2019-09-16 08:00:35 +02:00
Erik Wramner
f14c9fc6ce
Moved Postfix overrides last to fix #1143
2019-09-15 18:29:46 +02:00
Erik Wramner
0eef718ed2
Fix #1251 intermediate TLS level
2019-09-05 19:39:33 +02:00
Erik Wramner
615a845d6c
Fixed bug when dh.pem/dhparam.pem exists with ONE_DIR
2019-08-13 07:26:31 +02:00
Erik Wramner
5ebb8614a2
Merge pull request #1220 from erik-wramner/dhparam_on_start
...
Generate dhparam and dovecot cert on start
2019-08-12 22:00:31 +02:00
Erik Wramner
f5dac6e71c
Disable SMTPUTF8 as Dovecot can't handle it
2019-08-11 17:14:00 +02:00
Erik Wramner
d6838e8274
Remove spamassassin cron job when spamassassin is off
2019-08-11 09:52:50 +02:00
Erik Wramner
9d7873850d
Move dovecot cert generation to startup
2019-08-10 10:15:35 +02:00
Erik Wramner
fc8d684994
Generate dhparams at startup, not build
2019-08-09 22:13:50 +02:00
Roman Seyffarth
5eb0d5ffa6
Fixed opendkim config on multiple nameservers
2019-08-09 09:04:43 +02:00
Martin Schulze
fcce47a392
WIP: actually test PERMIT_DOCKER=connected-networks
...
also showcase timeouts and makefile integration
2019-08-07 02:24:56 +02:00
Erik Wramner
41921f82aa
Merge pull request #1205 from j-marz/opendkim_nameserver
...
set Nameservers in opendkim.conf at start-up
2019-08-04 18:54:08 +02:00
j-marz
8a1584c3cb
set Nameservers in opendkim.conf at start-up
2019-08-03 15:26:44 +10:00
Martin Schulze
234632913e
Add PERMIT_DOCKER=connected-networks
2019-08-02 15:05:00 +02:00
Erik Wramner
81e9c7dcff
Protect user db with flock
2019-08-01 19:39:25 +02:00
Erik Wramner
ec4661194b
Compute checksum after possible in-place sed changes
2019-08-01 12:05:48 +02:00
Erik Wramner
7f3e5a22e1
Create checksums in start script, avoid race condition
2019-08-01 09:58:22 +02:00
Erik Wramner
573609e011
Put checksum file in /tmp as suggested in code review
2019-07-31 12:56:18 +02:00
Erik Wramner
37708b5787
Added comment explaining chksum file location
2019-07-31 10:41:32 +02:00
Erik Wramner
311bdfa1ba
Keep checksum file outside shared/mounted area
2019-07-30 16:10:51 +02:00
Erik Wramner
566c28555a
Revert "Sync after update to make sure changes propagate to host"
...
This reverts commit 66711cfe5d33a9ce5ae3d78e7b7c04e68edf1571.
2019-07-30 16:10:51 +02:00
Erik Wramner
b58fd30c0a
Sync after update to make sure changes propagate to host
2019-07-30 16:10:51 +02:00
Erik Wramner
f21bffe322
Fix 1198 freshclam ( #1199 )
...
* Run freshclam as clamav user not root
* Remove freshclam cron job when clamav is disabled
2019-07-29 11:15:49 +02:00
j-marz
42675ba7ad
Fixed self-signed cert generation ( #1183 )
...
Added optional FQDN arguement to setup.sh script which avoids using temporary container hostname for cert names. Also fixed issue with certs being saved outside config volume
2019-07-29 11:14:36 +02:00
Torben Weibert
cba6b07391
Allow postfix master.cf overrides to start with numbers, not only characters ( #1190 )
2019-07-24 15:11:00 +02:00
Erik Wramner
603dbbd7b0
1175: specify user for cron.d freshclam file ( #1176 )
...
* 1175: specify user for cron.d freshclam file
* Fix Dovecot SSL parameters and generate dhparams as for Postfix
* Fixed broken unit tests
2019-07-23 16:12:12 +02:00
jjtt
a3724fa91d
Support for setting relayhost in main.cf ( #1104 )
...
* Added DEFAULT_RELAY_HOST setting
* If set this value will be used as the relayhost in /etc/postfix/maincf causing all mail to be delivered using this relay host
* Test for default relay host setting
2019-01-19 11:10:31 +01:00
Andrey Likhodievskiy
a989d77a87
Disable ssl when no certificate is set ( Closes : #1083 , #1085 )
...
* Modified start-mailserver.sh with two new options for SSL certificate Configuration ():
+ ‘’ (empty string) modifies dovecot configs to allow plain text access
+ * (default) does nothing but warn with message ‘SSL configured by default’
* Updated README.md:
SSL_TYPE environment variable with unknown value will set SSL by default
2018-12-02 12:59:16 +01:00
Daniel Panteleit
0fb4a6d082
Clear up env format and hostname value ( #1076 )
...
* Describe format for .env in README
* Display used domain and hostname even when they are not acceptable
This should be clearer for the user when the hostname was set incorrectly.
2018-11-11 20:46:53 +01:00
Daniel Panteleit
cc56b4f89e
Calling supervisord directly instead of via shell ( Closes : #1047 , #1074 )
2018-11-04 20:23:50 +01:00
Marius Panneck
351c9c80a8
Added default values for LDAP_START_TLS and DOVECOT_TLS ( Closes : #1071 , #1073 )
2018-11-04 19:50:40 +01:00
Peter Hartmann
30ed8fbf0e
Configuration support for /etc/aliases( Closes : #988 , #1065 )
...
* Update check-for-changes.sh
* add postfix-aliases.cf and handling of runtime updates
2018-11-01 20:17:07 +01:00
millerjason
53a344a056
Support for additional postgrey options ( Close : #998 , #999 , #1046 )
...
* addnl postgrey whitelist support. closes #998 , closes #999 .
modified: Dockerfile
modified: Makefile
modified: README.md
modified: docker-compose.elk.yml.dist
modified: docker-compose.yml.dist
modified: target/start-mailserver.sh
modified: target/supervisor/conf.d/supervisor-app.conf
new file: test/config/whitelist_recipients
new file: test/nc_templates/postgrey_whitelist_local.txt
new file: test/nc_templates/postgrey_whitelist_recipients.txt
modified: test/tests.bats
* match existing indent convention
modified: target/start-mailserver.sh
* ISSUE-999: add support for header_checks
modified: Dockerfile
modified: target/postfix/main.cf
* ISSUE-999: add empty header_check file
new file: target/postfix/header_checks.pcre
2018-11-01 19:32:36 +01:00
olaf-mandel
8c8426ef4a
postfix: fix message size limits ( #1061 )
...
The message size limit was reduced in c8728eab
from the postfix
default [1] of 10,240,000B = 10,000kiB = ~10MiB to only
1,048,576B = 1MiB. And the documentation claims that this would be 10MiB
instead of 1MiB.
Restore the old behaviour as default and fix the documentation as well.
[1]: http://www.postfix.org/postconf.5.html
2018-10-20 20:10:30 +02:00
Jiří Kozlovský
c8728eab8a
feat: added postfix message & mailbox size limits to ENV settings ( Closes : #629 , #1056 )
2018-10-15 21:17:45 +02:00
Birkenstab
92002041ba
Fix missing quotes in env export ( Closes : #1007 , #1048 )
2018-10-14 10:07:05 +02:00
Birkenstab
a198ea8495
Fix allow sending emails from regexp aliases when spoof protection is enabled ( #1032 )
2018-09-12 18:55:13 +02:00
James
d518a9fc1d
DOMAINNAME can fail to be set in postsrsd-wrapper.sh ( #989 )
...
* DOMAINNAME can fail to be set in postsrsd-wrapper.sh
if the container doesn’t have a proper hostname, postsrsd will fail to start
because SRS_DOMAIN is empty. Make a best effort to figure out the domain name
and provide a way to set one if needed.
2018-06-19 08:17:32 +02:00
n00dl3
261a78c036
fix SASL domain ( fixes #892 , #970 )
...
setting value as `$myhostname` will make sasl look for users `user@mail.domain.tld` instead of `user@domain.tld`
2018-06-14 20:02:49 +02:00
Franz Keferböck
e27e13c1b3
Add saslauthd option for ldap_start_tls & ldap_tls_check_peer - (Solves: #979 , #980 )
2018-06-02 21:16:16 +02:00
ixeft
60656aec49
Report sender ( #965 )
...
* added REPORT_SENDER env variable to the container.
* integration test for REPORT_SENDER
* added tests for default REPORT_SENDER
2018-05-01 19:57:31 +02:00
Johan Smits
5d03bb0982
Update docker-configomat ( #959 )
2018-04-23 20:59:27 +02:00
Paul Adams
283ac70bb9
don't update permissions on non-existent file ( #956 )
2018-04-23 20:42:47 +02:00
Paul Adams
ea848eb86f
Deliver root mail ( #952 )
...
* Configure delivery of root's mail to postmaster
* Tests for delivery of root mail
* add missing email template
2018-04-23 20:35:33 +02:00
17Halbe
59ce9d03f0
Testfixes & more ( #942 )
...
* fixed useless updatetest, made updatemailuser and addmailuser setup.sh compliant.
* changed documentation
2018-04-08 16:12:41 +02:00
Paul Adams
a564cca0e5
set postmaster address to a sensible default ( #938 , #939 , #940 )
2018-04-05 19:04:55 +02:00
17Halbe
cc7c1f8804
Introducing global filters. ( #934 )
...
* Introducing global filters
* added optional after.dovecot.sieve/before.dovecot.sieve files
* added global filter test
2018-04-05 18:54:01 +02:00
Pierre-Yves Rofes
137d623171
Ensure that the account contains a @ ( #923 , #924 )
...
* Ensure that the provided username actually contains a domain
* Update README.md to be consistent with addmailuser script
* Add a test to check if the username includes the domain
2018-04-04 18:59:28 +02:00
17Halbe
7015d09404
Set default virus delete time ( #932 , #935 )
2018-04-04 18:48:55 +02:00
Andreas Gerstmayr
1490f652c0
fix line breaks in postfix-summary mail error case ( #936 )
2018-04-04 18:45:50 +02:00
17Halbe
2e06228b10
Password creation fix ( #908 , #914 )
...
* fix password with spaces is stripped to first word
2018-04-02 16:55:54 +02:00