Commit graph

372 commits

Author SHA1 Message Date
Georg Lauterbach 0949f16344
scripts/ENV: make disabling Redis possible (#3132)
* make disabling Redis possible

* add documentation

* Apply suggestions from code review

* Update docs/content/config/environment.md

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-03-01 16:24:59 +01:00
Georg Lauterbach 972406099e
docs: add docs about Abusix integration into Rspamd (#3104) 2023-02-22 10:46:24 +01:00
Georg Lauterbach bee9e3627d
rspamd: add feature for adjusting options with a file parsed by DMS (#3059)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-02-19 12:36:43 +01:00
Georg Lauterbach ac1df91181
chore(Postfix): disable DNSBLs (#3069) 2023-02-11 00:24:09 +01:00
Georg Lauterbach 1a0c2a351a
rspamd: follow-up of #3016 (#3039) 2023-01-30 08:23:58 +01:00
Georg Lauterbach 555fbb78c4
feature: provide better rspamd suppport (#3016)
* added options to toggle OpenDKIM & OpenDMARC

rspamd can provide DKIM signing and DMARC checking itself, so users
should be able to disable OpenDKIM & OpenDMARC. The default is left at
1, so users have to to opt-in when the want to disable the features.

* misc small enhancements

* adjusted start of rspamd

The order of starting redis + rspamd was reversed (now correct) and
rspamd now starts with the correct user.

* adjusted rspamd core configuration

The main configuration was revised. This includes AV configuration as
well as worker/proxy/controller configuration used to control the main
rspamd processes.

The configuration is not tested extensively, but well enough that I am
confident to go forward with it until we declare rspamd support as
stable.

* update & improve the documentation

* add tests

These are some initial tests which test the most basic functionality.

* tests(refactor): Improve consistency and documentation for test helpers (#3012)

* added `ALWAYS_RUN` target `Makefile` recipies (#3013)

This ensures the recipies are always run.

Co-authored-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com>

* adjusted rspamd test to refactored test helper functions

* improve documentation

* apply suggestions from code review (no. 1 by @polarthene)

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* streamline heredoc (EOM -> EOF)

* adjust rspamd test (remove unnecessary run arguments)

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-01-25 10:28:59 +01:00
i-C-o-d-e-r b2cd66fcda
docs: Clarify description of explicit TLS (#3017)
* Fix #3007: Changed description of explicit TLS to indicate that insecure connections are rejected

* Further clarification that description only applies to authentication

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-01-23 01:09:38 +13:00
Brennan Kinney 133eb9bc2e
tests(refactor): mail_lmtp_ip.bats (#3004)
* chore: Drop ENV `ENABLE_POSTFIX_VIRTUAL_TRANSPORT`

* tests(chore): Remove redundant `dovecot-lmtp` config

None of this is needed. Only relevant change is changing the LMTP service listener for Dovecot and that can be delegated to `user-patches.sh`.

* tests(refactor): Use `user-patches.sh` instead of replacing config file

The only relevant changes in `test/config/dovecot-lmtp` regarding LMTP was:
- `/etc/dovecot/dovecot.conf` (`protocols = imap lmtp`) and `/etc/dovecot/protocols.d/` (`protocols = $protocols lmtp`).
- `conf.d/10-master.conf` only changed the LMTP service listener from a unix socket to TCP on port 24 (_this was the only change required for the test to pass_).

None of those configs are required as:
- `protocols = imap pop3 lmtp` [is the upstream default](https://doc.dovecot.org/settings/core/#core_setting-protocols), no need to add `lmtp`.
- The LMTP service listener is now configured for the test with `user-patches.sh`.

* tests(refactor): `mail_lmtp_ip.bats`

- Converted to new testing conventions and common container helpers.
- `ENABLE_POSTFIX_VIRTUAL_TRANSPORT` was not relevant, dropped.
- Revised test cases, logic remains the same.
- Large custom config used was not documented and doesn't appear to serve any purpose. Simplified by replacing with a single modification with `user-patches.sh`.
- Added some additional comments for context of test and improvements that could be made.

* tests(chore): Adjust comments

The comment from `mail_hostname` provides no valid context, it was likely copied over from `tests.bats` in Oct 2020 by accident.

The email sent is just for testing, nothing relevant to LMTP.

---

Added additional comment for test to reference extra information from.

* tests(chore): Update similar log line matching

Extracts out the match pattern and formatting commands into separate vars (reduces horizontal scrolling), and includes extra docs about what the matched line should be expected to look like.
2023-01-15 18:33:31 +13:00
Casper 6ac59ef871
Fix several typos (#2990) 2023-01-10 14:13:50 +01:00
Brennan Kinney 2b4105ef0a
chore(housekeeping): Cleaning up broken links (#2667)
These two links have remained broken for over 6 months. Removing them. 

* chore(housekeeping): Broken links

* chore: Remove broken links from `mailserver.env`
2023-01-09 12:22:37 +13:00
Y.C.Huang 88715974eb
docs: Provision a cert with the ACME DNS-01 challenge via Certbot + Cloudflare (#2968)
* docs: Certbot cloudflare
Add docs for implement certbot-dns-cloudflare to generate certificate for mail server

* Apply suggestions from code review

* fix: certbot-cloudflare docs

Fix the docker-compose command according to the advice

* feat: DNS-Cloudflare certificate renew
Add docs for implementing renewing certificate with crontab

* Apply suggestions from code review

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-01-07 11:58:50 +13:00
Georg Lauterbach 26ac48f34a
feature: provide initial Rspamd support (#2902) 2023-01-05 08:39:00 +01:00
Brennan Kinney fe21fe78e2
chore: Remove legacy ENV SASL_PASSWD (#2946)
As per deprecation notice from v11.3 release notes, and a related prior PR; this ENV is to be removed.

It's no longer considered useful, and none of the tests that configured it were actually using it for relaying anything.
2022-12-23 15:30:40 +13:00
pravynandas 0eef7789a2
docs: Improve setup CLI password example (#2926)
* Update setup.sh.md

Example to include password
2022-12-11 09:29:41 +13:00
Casper a930aeb18a
Remove unusual space from shebang line (#2834) 2022-10-17 10:40:09 +02:00
Leon George 2efb40bb17
docs: fix typo in podman.md (#2782) 2022-09-20 10:31:47 +02:00
Georg Lauterbach 26d241381f
remove unnecessary configuration files (#2738) 2022-08-22 08:37:35 +02:00
Georg Lauterbach ab55343d8e
scripts: rework environment variables setup (#2716)
* outsourcing env variable setup

This commit contains major parts of the work of refactoring the setup
and usage of environment variables. It outsources the setup into its own
script and provides dedicated functions to be executed at a later point in time.

A **new** env variable was added: `USER_PROVISIONG` which provides a
better way of defining which method / protocol to use when it comes to
setting up users. This way, the `ENABLE_LDAP` variable is deprecated,
but all of this is backwards compatible due to a "compatibility layer", a function provided by the new variables script.

This is not a breaking change. It mostly refators internal scripts. The
only change facing the user-side is the deprecation of `ENABLE_LDAP`. We
can prolong the period of deprecation for this variable as long as we
want, because the new function that ensures backwards compatibility
provides a clean interface for the future.

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-08-22 08:31:32 +02:00
Brennan Kinney 0b8b77ad88
docs: Fix dmarc link (#2728)
There was a typo in the reference preventing the link from being properly rendered.
2022-08-20 17:00:30 +12:00
JiLleON e99bba2ef5
docs: Improve cron tasks and fix link in documentation (#2708)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-08-02 23:38:22 +12:00
Georg Lauterbach 684903f8d2
docs: Revise Kubernetes documentation (#2696) 2022-07-28 10:26:53 +12:00
Brennan Kinney 62fdcb05f5
chore: Remove redundant capability SYS_PTRACE (#2624)
* chore: Remove `SYS_PTRACE` capability from docs and configs
* chore: Remove `SYS_PTRACE` capability from tests

Doesn't seem to be required. It was originally added when the original change detection feature PR apparently needed it to function.
2022-06-07 01:20:13 +12:00
Georg Lauterbach 0010786d18
scripts: improve custom user-supplied Postfix configuration (#2598)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-06-06 09:30:10 +02:00
pyy 0d30b92a83
documentation: DOCKER_HOST missing unix:// (#2595) 2022-05-18 12:18:38 +02:00
pyy 0b909b2a32
documentation: DOCKER_HOST missing unix:// (#2589) 2022-05-13 09:46:54 +02:00
Andrew Cornford 2f3cbfc144
feat: Support for Dovecot master accounts (#2535)
Dovecot master accounts can now be configured in DMS via `setup.sh`.
A master account is useful for administration purposes, or to perform mailbox backups of every user account over IMAP.
Upstream Docs: https://doc.dovecot.org/configuration_manual/authentication/master_users/

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-05-08 00:28:32 +02:00
Casper de61d42e68
Add ban feature to fail2ban script (#2538) 2022-04-19 08:44:51 +00:00
Georg Lauterbach a1726dc45a
scripts: added TZ environment variable to set timezone (#2530) 2022-04-06 16:48:41 +02:00
Georg Lauterbach a9305a073f
firewall: replace iptables with nftables (#2505)
* first adjustments to use Fail2Ban with nftables

* replace `iptables` -> `nftables` and adjust tests

nftables lists IPs a bit differently , so the order was adjusted for the
tests to be more flexible.

* line correction in mailserver.env

* change from `.conf` -> `.local` and remove redundant config

* revert HEREDOC to `echo`

Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-04-05 15:13:59 +02:00
Georg Lauterbach 21c218ac68
scripts: remove DMS_DEBUG (#2523)
* remove DMS_DEBUG from tests
* remove DMS_DEBUG from doc and scripts
* updated issue template
* re-add description about removal of DMS_DEBUG
2022-04-03 13:29:10 +02:00
Georg Lauterbach 24031ae365
scripts: new log (#2493)
* added new `_log` function

With `_log`, the `_notify` method wa rendered obsolete. `_notify` was
not completely removed due to test failures in `check-for-changes.sh`.

The new `_log` function properly uses log levels such as `trace`,
`debug`, `info`, `warn` and `error`. It provides a cleaner solution
and renders `DMS_DEBUG` obsolete too (as only `_notify` depends on it).

* converted all helper script to new `_log` function

* converted all startup stacks to new `log` function

* `start-mailserver.sh` now uses new `_log` function

* final test and misc small script adjustments

* updated documentation
2022-03-21 07:07:52 +01:00
Casper 5b5b444094
docs(fail2ban): Use the correct example config location (#2484) 2022-03-15 14:51:47 +13:00
Casper a2f22422ca
docs: Enhance logrotate description (#2469) 2022-03-07 23:00:32 +01:00
Casper b9fdb1e7b5
Introduce CLAMAV_MESSAGE_SIZE_LIMIT env (#2453) 2022-03-03 16:17:01 +01:00
Casper 1911f9a4b4
setup.sh: Remove obsolete 'debug inspect' command from usage text (#2454) 2022-03-03 11:38:28 +00:00
Casper a8a8c859dc
Rename config examples directory (#2438) 2022-03-02 22:54:14 +00:00
Georg Lauterbach e6af5a118f
Adjust envrionment variables - more sensible defaults (#2428)
The new setup will now set env variables on one place and on one place
only. The old setup used two separate places wich is not DRY and
confusing.

Some default values changed:

1. PFLOGSUMM_TRIGGER: logrotate => none
2. REPORT_SENDER: mailserver-report@HOSTNAME => mailserver-report@DOMAIN
3. REPORT_RECIPIENT: "0" => POSTMASTER_ADDRESS

One env variable was renamed: REPORT_INTERVAL => LOGROTATE_INTERVAL

I believe these defaults to be more sensible, especially the REPORT_RECIPIENT
address. The PFLOGSUMM_TRIGGER value was changed to `none` because otherwise
people would start getting daily Postfix log summary reports automatically.
Now, this is opt-in, and reports are sent only when enabled properly.

Some of the variables changed were marked as deprecated. I removed the note,
as the variables now bear some (sane) defaults again for other variables
(i.e.) REPORT_RECIPIENT is now default for other recipient addresses.

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-03-03 10:22:17 +13:00
Casper 57c52d7b5b
PERMIT_DOCKER=none as new default value (#2424)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-03-02 16:03:40 +01:00
Casper 2de3340d2c
Fix some documentation links (#2426) 2022-02-23 18:22:44 +01:00
Philipp Fruck 83231da555
docs(podman): Fix broken links (#2429) 2022-02-22 10:12:09 +13:00
Georg Lauterbach 2927cc47c7
Add SpamAssassin KAM (#2418) 2022-02-21 10:48:28 +01:00
Frederic Werner 358df6ada2
docs(deps): bump mkdocs-material to v8.2.1 (#2422)
* docs(deps): bump mkdocs-material to v8.2.1

* feat(docs): enable mermaid integration

Configuration based on https://squidfunk.github.io/mkdocs-material/reference/diagrams/?h=mermaid#configuration

* fix: allow yaml value mapping

* chore: Adopt mkdocs-material mermaid integration support

Supported by the docs generator now, we no longer need to rely on external image generator or live editor link (both relied on large base64 encoding of mermaid markup). SVG will be rendered by docs now, although a little different style (can be fixed with custom CSS).

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-02-19 21:26:56 +01:00
Georg Lauterbach ec8b99335e
Add changedetector functionality for ${SSL_TYPE} == manual (#2404)
Now, setups that use `SSL_TYPE=manual` will profit from the changedetector as well. Certificate changes are picked up and properly propagated.
2022-02-18 11:29:51 +01:00
Moritz Poldrack 54f2181379
added sieve example for subaddress sorting (#2410) 2022-02-17 17:32:21 +01:00
Christian Raue 908e95fa74
consistently make 1 the default value for SPAMASSASSIN_SPAM_TO_INBOX (#2361)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-02-17 09:31:45 +01:00
Philipp Fruck 4c3af32692
Rootless Podman security update (#2393)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-02-09 10:25:09 +01:00
Georg Lauterbach 4cb617f7f9
README.md and Documentation Update (#2389)
* follow up on #2383

Fixes a documentation error by which a list would not be rendered
correctly. This has been taken care of.

* update the `README.md`

I felt the need to update the README for several reasons:

1. LDAP issues that the core maintainers team cannot really resolve
2. Cleaning up the somewhat messy structure near the end

The first point goes without explanantion. The second points includes:

2.1. The tagging convention is now easier to read and understand
2.2. Some bullut points or notes have been inlined to "stick" more to
     the content that it actually belongs to
2.3. The note about the "old" `setup.sh` for DMS `10.1.0` has been
     removed as it is obsolete now. We encourage users to upgrade to
     `10.4.0` anyways.
2.4. The markdown code highlighting is now using `CONSOLE` instead of
     `BASH` because `CONSOLE` is more appropriate.
2.5. Capitalized headings
2.6. Updated the section about `./setup.sh help` to be in one place now
     instead of two
2.7. DKIM key generation does now not interfere with user account
     creation.

* adjusted content to PR suggestions
2022-02-05 10:54:54 +01:00
schnippl0r a7ad065f73
Fixed typo in update-and-cleanup.md. (#2388) 2022-02-01 15:38:24 +01:00
Twist235 602f6fce06
SSL documentation contains a small bug #2381 (#2383) 2022-01-31 22:12:51 +01:00
Khue Doan 16a7d90296
docs(kubernetes): fix image name in example (#2385) 2022-01-31 13:16:26 +01:00
Brennan Kinney d3b9746c6f
docs: Fail2Ban - Fix links for rootless podman (#2384)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-01-27 18:13:10 +01:00
Christian Raue da17e8bf0b
add env var LOGWATCH_SENDER (#2362)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-01-10 12:29:11 +01:00
Casper 0c31f71358
Introduce DOVECOT_INET_PROTOCOLS env (#2358) 2022-01-06 00:53:18 +01:00
Casper 9d5a9a16a0
Introduce ENABLE_DNSBL env (#2342)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-01-03 22:03:46 +01:00
Semir Patel 33ebbbf2c7
Update links to dovecot docs (#2351) 2022-01-01 12:08:33 +01:00
Mohammed Noureldin babae05d4a
Add documentation to the usage with Active Directory (#2303)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-28 11:05:50 +01:00
Brennan Kinney fb72f3ad52
ci(docs): Fail when build aborts from broken links (#2266)
Using `set -ex` will exit the script as soon as a non-zero exit code is returned, such as when the docker image fails building the docs due to `build --strict` catching broken links. This also removes the need for `|| exit` when changing directory.

This seems fine for a small script, but AFAIK an alternative fix is just adding `|| exit` to the end of the `docker run` command too? There appears to be advice [against adopting `-e` carelessly](http://mywiki.wooledge.org/BashFAQ/105), while others [encourage `-e`](http://redsymbol.net/articles/unofficial-bash-strict-mode/). I know that several maintainers here have preference towards `set -e` so I've kept the original PR solution.

Additionally:

- `-x` is used to improve command visibility when reviewing the workflow log output.
- `--name` isn't necessary, but was part of the original PR.
- I've chosen not to include `-o pipefail`, only because no pipes are used in this script.

* docs(fix): Fix broken links

* ci(docs): Added inline docs

Extra documentation context for maintainers to quickly grok what's going on.

* chore(docs): Minor typo fix by wernerfred

Added from their related PR by request.
2021-10-31 09:13:18 +13:00
Brennan Kinney bdcfe27482
docs(ssl): Add an FQDN section (#2268)
* docs(ssl): Adjust heading levels for provisioning sections

- Group provisioning sections under one heading level.
- Use `attr_list` syntax for headings to make the ToC sidebar entry less verbose.

* docs(ssl): Minor fixes

Typos, formatting.

* docs(ssl): Rephrase Traefik wildcard support

Split the line out into multiple with better phrasing.

* docs(ssl): Add FQDN section

We briefly mention the same info twice on the docs page, but as it applies to all provisioners in general, it's been given it's own detailed section with examples.

Single section to inform users about an FQDN, how it's configured and understood by `docker-mailserver` for both Docker CLI and `docker-compose.yml` variations.

Adds note about wildcard support and bare domains to clear up any confusion configuring FQDN for these two.

Additional note about Certbot using symlinks for it's cert storage.

* chore: Add FQDN comment for `docker-compose.yml` example config
2021-10-31 00:12:39 +13:00
2b ed562a7057
docs(fail2ban): Add info about running in rootless containers (#2252)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-10-30 21:56:32 +13:00
Brennan Kinney 4f91620a7f
docs: ssl.md - Revise letsencrypt section (#2209)
Below commit messages are roughly equivalent to what is listed on the PR. The PR provides additional linked resources for reference to support commit message statements.

---

* docs: Add CT log warning

- Added a warning to make users aware that using a public CA like _Let's Encrypt_ will publicly log information that may be somewhat sensitive, or undesirable to have historic records made public which cannot be redacted.

* docs: Revise the manual `certbot` guide

- The `letsencrypt` repo that was linked early in this guide now redirects to the [Certbot repo](https://github.com/certbot/certbot).

- More explicit volume mount instruction for CertBot; the local location was a tad vague.

- Better clarified `/etc/letsencrypt/live` contents structure, as well as FQDN info. Removed the misleading `fqdn:` from `docker-compose.yml` example snippet.

* docs: Revise certbot with Docker guide

- General rewrite of the Docker Certbot section with additional tips (_renewals with automation, and using a alternative CA_).

- Generalized tone and paths in content.

- Update volume mount paths to be consistent with recent normalization effort.

- Moved some instructions into inline-comments for script examples instead.

* docs: Revise Docker with `nginx-proxy` and `acme-companion`

- Break apart into individual steps, indenting content into the step as appropriate.

- Use normalized volume paths (`docker-data/<service>/` prefix).

- `letsencrypt-nginx-proxy-companion` has _changed project name to `acme-companion`_, and _transferred to new maintainers and the `nginx-proxy` organization_. This also affects the DockerHub image references.

- `acme-companion` has _switched from using `simp_le` to `acme.sh`_ for provisioning certificates. This requires mounting an additional volume for persisting provisioner state.

- The dummy container (_webmail_) is no longer `library/nginx`, just [`nginx`](https://hub.docker.com/_/nginx). This container also doesn't appear to be required. I've verified that the ENV can be given to the `mailserver` service container directly. Retained for now.

* docs: Revise Docker Compose with `nginx-proxy` and `acme-companion`

Heavy rewrite of this section. Like the previous commit mentions, this content was outdated. It has been simplified with improved documentation and reference links.

It also looks like there was a mistake in the existing config example as it uses the regular `nginx` image instead of `nginx-proxy`.

- The bulk of the `mailserver` service has been removed, users are advised to have an existing `docker-compose.yml` config for `docker-mailserver` and update only what is relevant to integrate with the cert provisioner.

- `DEBUG` is _false_ by default.

- The `networks:` portion of the example appears to be taken from upstream, _which that has since dropped it_. While we could continue to document this, I consider it more of an advanced config detail that we don't need to touch on in our docs.

- The `htpasswd` volume is unnecessary, only relevant if using _"Basic Authentication"_ to protect access to web service endpoints. `conf.d/` is also not required by default, it can be useful for the `standalone` mode (_documented as a `tip`_). Remaining volumes have inline-comments to document their purpose.

- `volumes_from:` is _not supported in v3 Compose format_, _only v2_ and the Docker CLI. I did not want to advise v2, so I've duplicated the volumes between the two containers instead. Internally `acme-companion` would rely on `volumes_from:` to identify the `nginx-proxy` container, it _provides alternative discovery methods_, the label is outdated and refers the legacy label (_their script logic is the same_); using the ENV `NGINX_PROXY_CONTAINER` seemed most appropriate and has been added.

- Upstream `acme-companion` docs only cover support for v2 Compose format. _There is a note regarding `nginx-proxy`_ having _volumes configured in it's Dockerfile_. Providing a volume for `/etc/nginx/dhparam` is required to avoid creating anonymous volumes each run of `nginx-proxy`. I've used a named data volume here to make it stick out more, it's not desirable and upstream should fix this, then we can drop it.

- I've also opted to only demonstrate the _Two Container (Basic) setup_ that upstream documents. Previously our docs have been showing _`docker-gen` with the Three Container (Advanced) setup_, which allows for not having the Docker API socket attached as a volume to a container exposed to the web. This reduces the security a bit, and I have not mentioned that on our docs. I could caution the reader with a link to upstream about the risk, but I don't think we should maintain the `docker-gen` setup.

* docs(fix): Update anchor links

These mismatched the current section headers they were meant to link to.
2021-09-27 12:40:54 +13:00
Brennan Kinney a0ee472501
docs(chore): Normalize for consistency (#2206)
"Brief" summary/overview of changes. See the PR discussion or individual commits from the PR for more details.

---

Only applies to the `docs/content/**` content (_and `setup` command_). `target/` and `test/` can be normalized at a later date.

* Normalize to `example.com`

- Domains normalized to `example.com`: `mywebserver.com`, `myserver.tld`, `domain.com`, `domain.tld`, `mydomain.net`, `my-domain.tld`, `my-domain.com`, `example.org`, `whoami.com`.
- Alternative domains normalized to `not-example.com`: `otherdomain.com`, `otherdomain.tld`, `domain2.tld`, `mybackupmx.com`, `whoareyou.org`.
- Email addresses normalized to `admin@example.com` (in `ssl.md`): `foo@bar.com`, `yourcurrentemail@gmail.com`, `email@email.com`, `admin@domain.tld`.
- Email addresses normalized to `external-account@gmail.com`: `bill@gates321boom.com`, `external@gmail.com`, `myemail@gmail.com`, `real-email-address@external-domain.com`.
- **`faq.md`:** A FAQ entry title with `sample.domain.com` changed to `subdomain.example.com`.
- **`mail-fetchmail.md`:** Config examples with FQDNs for `imap`/`pop3` used `example.com` domain for a third-party, changed to `gmail.com` as more familiar third-party/external MTA.

* Normalize config volume path

- Normalizing local config path references to `./docker-data/dms/config/`: `./config/`, `config/`, \``config`\`, `/etc/` (_volume mount src path prefix_).
- Normalize DMS volume paths to `docker-data/dms/mail-{data,state,log}`: `./mail`, `./mail-state` `./data/mail`, `./data/state`, `./data/logs`, `./data/maildata`, `./data/mailstate`, `./data/maillogs`, (_dropped/converted data volumes: `maildata`, `mailstate`_).
- Other docker images also adopt the `docker-data/{service name}/` prefix.

* `ssl.md` - Use `dms/custom-certs` where appropriate.

* Apply normalizations to README and example `docker-compose.yml`

---

Common terms, sometimes interchangeably used or now invalid depending on context: `mail`, `mail container`, `mail server`, `mail-server`, `mailserver`,`docker-mailserver`, `Docker Mailserver`.

Rough transformations applied to most matches (_conditionally, depending on context_):

- 'Docker Mailserver' => '`docker-mailserver`'
- 'mail container' => '`docker-mailserver`' (_optionally retaining ' container'_)
- 'mail server' => 'mail-server' / '`docker-mailserver`'
- 'mail-server' => '`docker-mailserver`'
- 'mailserver' => 'mail-server' / '`docker-mailserver`'

Additionally I checked `docker run` (_plus `exec`, `logs`, etc, sub-commands_) and `docker-compose` commands. Often finding usage of `mail` instead of the expected `mailserver`

Additionally changes `mailserver` hostname in k8s to `mail` to align with other non-k8s examples.

---

* drive-by revisions

Mostly minor revisions or improvements to docs that aren't related to normalization effort.
2021-09-23 11:29:37 +12:00
William Desportes 4d3fade23b
docs: Update all docker-compose files to use the same version and examples (#2159)
Initial pass for achieving more consistency with docker-compose related configs.

* Set DMS_DEBUG to 0
* align with default docker-compose.yml

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-09-20 19:27:55 +12:00
Orville Q. Song ddd97274e0
feat: rootless Podman with documentation (#2179)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-09-19 18:55:51 +02:00
Georg Lauterbach 3216d495cc
scripts: merge new setup.sh version for 10.2.0 again (#2189) 2021-09-19 16:47:08 +02:00
Brennan Kinney 08cd4d3371
fix: Enable DH parameters (ffdhe4096) by default (#2192)
This feature was originally introduced by the PR: https://github.com/docker-mailserver/docker-mailserver/pull/1463

- Assign default DH params to use via Dockerfile build instead of copy and update at runtime.
- Parameterized service names and paths.
- Refactor postfix and dovecot dh methods to wrap shared dh logic
- I don't see any value in checking the alternative service for dh params file to copy over, so that's now dropped too.
- Another conditional check is dropped and the default fallback message for existing DH params file is no longer relevant.
- Improved the remaining `_notify` messages. Collapsing the warning into a single logged message also seemed relevant.
- There is no apparent need for special handling with `ONE_DIR=1`. Dropped it.

- Refactor DH params  tests
- Combine custom and default DH param tests into single test file
- docs: Add instructions to use custom DH params

There is no official documented support for custom DH parameters. As no guarantee is provided, this is considered an internal change, not a breaking one.
2021-09-15 20:28:04 +12:00
Brennan Kinney 2bc3e821fa
docs: Improve FAQ entry for mail-state folder (#2187)
* docs: Improve FAQ entry for `mail-state` folder

- Links to relevant script logic.
- Better list of services data moved to `mail-state`.

* Update docs/content/faq.md

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* docs(fix): ONE_DIR env default is now `1`

This was missed during the `ONE_DIR` default change in https://github.com/docker-mailserver/docker-mailserver/pull/2148

* fix relative filepath

* fix: use new URI anchor

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-09-13 11:26:56 +02:00
Georg Lauterbach c7e4981945
Move setup process via script into container (#2174)
Decoupling setup process from `setup.sh` script by introducing a setup script _inside_ the container that coordinates the setup process.

**This is not a breaking change**. This way, we do not have to keep track of versions of `setup.sh`.

This change brings the additional benefit for Kubernetes users to be able to make use of `setup` now, without the need for `setup.sh`.

---

* move setup process into container; setup.sh versioning not needed anymore

* add tilde functionality to docs

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2021-09-12 11:29:02 +12:00
Nathan Pierce c267d8a990
HOSTNAME and DOMAINNAME setting improvements (#2175)
Centralize the collection of the HOSTNAME and DOMAINAME so that it's predictable and uniform across the various scripts (using the helper). Ensure it supports the various configurations users can have (both subdomain and without subdomain, override and no override).

---

* using _obtain_hostname_and_domainname helper + covers when not a subdomain
doc: OVERRIDE_HOSTNAME takes priority

* added tests for non-subdomain hostname + further improvements

* moved SRS DOMAINANME tests into hostname test file + Allowing DOMAINNAME ENV to override what would be automatically set

---

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-09-12 02:20:16 +12:00
William Desportes 05eb8cb10e
More typo fixes and improve ports example at POP3 docs (#2128)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-08-13 10:33:10 +02:00
William Desportes 3a38b23a1a
Improve fail2ban docs and fix a typo (#2126)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-08-13 10:30:39 +02:00
Georg Lauterbach 78c4bc8282
chore(docs): adjust K8s documentation (#2111) 2021-08-12 23:01:49 +00:00
Andrew Low 016d90249d
update aws ses configuration doc (#2105)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-07-29 20:45:52 +00:00
eleith 4473b881cf
add dovecot-fts-xapian (#2064)
* add dovecot-fts-xapian

update Docker to build from debian bullseye slim, as it contains
packages for fts-xapian.

update Docker to install dovecot-fts-xapian.

update docs with instructions on how to enable fts-xapian or fts-solr
and what considerations to take into when deciding.

* address review feedback

* update backport method to previously proposed approach (which was lost in a forced push)
2021-07-05 10:25:26 +00:00
Casper ea81aebf83
Follow-up #2035 (#2047)
* remove volumes section

* bind mounts + localtime
2021-06-21 17:36:59 +02:00
Nathan Pierce 9c5d6ad25c
reworked mail_crypt guide to make things way more simple and prepare … (#2043)
* reworked mail_crypt guide to make things way more simple and prepare for user folder encryption

* Update docs/content/config/security/mail_crypt.md

Co-authored-by: Casper <casperklein@users.noreply.github.com>

* Update docs/content/config/security/mail_crypt.md

Co-authored-by: Casper <casperklein@users.noreply.github.com>

* Update docs/content/config/security/mail_crypt.md

Co-authored-by: Casper <casperklein@users.noreply.github.com>

* Update docs/content/config/security/mail_crypt.md

Co-authored-by: Casper <casperklein@users.noreply.github.com>

* Update docs/content/config/security/mail_crypt.md

Co-authored-by: Casper <casperklein@users.noreply.github.com>

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2021-06-19 12:33:30 +02:00
Frederic Werner a0f4a37512
v10.0.0 release (#1978)
* chore: prepare v10 release

* chore: bump version to v10.0.0

* chore: bump version to v10.0.0

* chore: add changelog for v10.0.0

* Fail2ban compatibility/downgrade info added

* chore: add PR and PR links

* fix a dot in the README

* chore: add pr 1996

* chore: add pr 1921 and 1989

* Revert "chore: add pr 1996"

This reverts commit 58a8ba4b44.

* chore: add grace_period pr reference

* remove :stable and other deprecated stuff

* corrected linting and removed generate ssl bin

* updated CHANGELOG

* fix: list of prs

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* fix: list of prs

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* partial revert of dc8f49de54

* chore: add pr 2021

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-06-01 12:17:14 +02:00
Brennan Kinney 2a08385578
docs: SSL - Revise self-signed cert provisioning (#2021)
* docs: SSL - Deprecate internal self-signed cert tool

We no longer support this method with `setup.sh` from v10 onwards, `SSL_TYPE=self-signed` remains supported however. Advice has been revised for users to provide their own self-signed cert or use an external tool with an example provided.

* chore: typo fix

* chore: fix docker cmd

* chore: fix link syntax
2021-06-01 09:56:35 +02:00
Frederic Werner e20a66864a
docs(deps): bump mkdocs-material to 7.1.6 (#2015)
* docs(deps): bump mkdocs-material to 7.1.6

* chore: trigger preview on changes to preview workflows too

* fix: replace deprecated admonition

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-05-31 19:02:56 +12:00
okami d10a54d74c
chore(docs): Update Kubernetes CRI-O Capability Description (#2006)
Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
2021-05-26 10:35:13 +02:00
Moritz Marquardt 66bc157c1d
fix!: Allow protocol in SASLAUTHD_LDAP_SERVER & adjust SASLAUTHD_LDAP_ default values (#1989)
* fix: make sure the SASLAUTHD_LDAP_HOST/PROTO logic makes sense and use LDAP_SERVER_HOST as a fallback (#1983)

* chore(docs): document changes to LDAP/SASLAUTHD as of #1983

* fix!: apply default value modifications suggested in #1983

https://github.com/docker-mailserver/docker-mailserver/issues/1983#issuecomment-844848224

* chore(test): Test SASLAUTHD_LDAP_SERVER with protocol and ..._SSL=0, as well as with default bind credentials

Note that there are currently no regression tests for this as there's only one setup_file, so that would require big changes to the testing methodology.

* refactor!: completely remove SASLAUTHD_LDAP_SSL and SASLAUTHD_LDAP_PROTO

Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
2021-05-22 22:52:56 +02:00
Moritz Marquardt 44622e6292
docs: Improve LDAP documentation (#1921)
* docs(ldap): Make DOVECOT_PASS_FILTER clearer and add a small DOVECOT_AUTH_BIND section

* docs(ldap): Remove superfluous environment variables as of #1989

* docs(ldap): Document defaults for DOVECOT_*_ATTRS/FILTER

* docs(ldap): Add documentation for LDAP with TLS and StartTLS

Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-05-22 10:17:29 +12:00
Patrizio Bekerle 803450e6dc
Add Kmail as sieve client (#1993)
* Add Kmail as sieve client
2021-05-22 09:54:47 +12:00
Casper bab0277723
Update check (#1951)
* mail binary

* initial work

* make env vars available

* typo

* some fixes

* make script ugly, to satisfy linter..

* mailserver.env updated

* Version to welcome message added

* remove VERSION file references

* VERSION --> DMS_VERSION

* fetch remote version

* variable usage

* Quoting added

* edge test & docu

* dash removed

* subject changed

* re-add VERSION

* VERSION added

* new file:   VERSION

* rewrite

* unnecessary additions from fail2ban PR removed

* UPDATE_CHECK_INTERVAL added

* syntax check & _log function

* comment added

* final commit
2021-05-19 21:18:06 +02:00
Georg Lauterbach 5449efd8d4
chore(docs): outsourcing environment vars to the documentation (#1948)
Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-05-11 22:15:34 +12:00
Georg Lauterbach 04e98dc49f
introduce variable to control Amavis' loglevel (#1947) 2021-05-06 23:51:45 +02:00
Georg Lauterbach 8313d9753b
Adjusted documentation for service name and Traefik certificate issuance (#1918)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2021-04-18 15:21:08 +02:00
Nathan Pierce 0fb5251c20
docs: add mail_crypt plugin documentation (#1913)
* mail_crypt plugin + quick improvement to dovecot override defaults doc

* quick change for <your-container-name> to use mailserver

Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
2021-04-18 00:31:09 +02:00
Moritz Marquardt 271d94a37e
Add LDAP_QUERY_FILTER_SENDERS setting for spoof protection with LDAP (#1902) 2021-04-17 22:40:19 +02:00
Casper b2842f3bbc
Fix typo (#1910) 2021-04-15 11:49:23 +02:00
Casper af2991fefe
POP3 warning removed (#1908) 2021-04-14 17:38:19 +02:00
Casper deca22bcd4
small enhancements (#1899) 2021-04-12 10:08:17 +00:00
Shyim 87b5628696
Mailserver needs recreation after adding new volume (#1897) 2021-04-11 20:27:07 +02:00
Georg Lauterbach 65622c56e9
Better incorporate the new, great documentation (#1878) 2021-04-02 09:44:31 +13:00
polarathene 1b971a89cb docs(sync): Add Github Wiki contributions
During the long-lived PR, multiple contributions to the existing Github Wiki were made, this commit applies those here and mentions the files and authors attributed to the changes:

JaapD: dkim.md + forward-only-mailserver-with-ldap-authentication.md

Added corrections to `setup.sh config dkim` command.
Added compatibility warning about 4096-bit key sizes or greater.
Added ldap tip. 

---

fred727-temp: optional-config.md

Added a mention for `user-patches.sh`.

---

Semir Patel: setup.sh.md + debugging.md

Minor corrections. Additionally corrected `tvial` references that had already been updated in this PR series.

---

Stefan Neben: kubernetes.md

> Port 25 proxy protocol configuration in master.cf was missing
docs(sync): Add Github Wiki contributions
> IMAP with STARTTLS is also active, so we need that option here as well
docs(sync): Add Github Wiki contribution
2021-03-25 11:49:24 +13:00
wernerfred 711b4c9d83 docs(refactor): Convert more content to use admonitions + improvements 2021-03-25 11:49:24 +13:00
wernerfred 463bc967d2 docs(fix): Update wiki references to the new docs url
Additionally replaces old references to `tvial` images with the new `mailserver` docker image name.
2021-03-25 11:49:24 +13:00
wernerfred 724fe72d20 docs: Update metadata and links to new locations
Also removed the FAQ inline heading link for Rancher. It's not a relevant link (as the question already expects knowledge of Rancher), and breaks out of the bg colour heading style due to the HTML generation logic from mkdocs.
2021-03-25 11:49:24 +13:00
wernerfred 1a8552b96c docs(refactor): Restructure document hierarchy
Additionally rename `installation-examples.md` and split
2021-03-25 11:49:24 +13:00
polarathene 021e942c4c docs(refactor): Large refactor + additions + fixes
Consistency pass, formatting cleanup and fixes, introduce admonitions, add front-matter.

---

docs: Add front-matter

---

docs: Fix and format links

- Some links were invalid (eg files moved or renamed)
- Some were valid but had invalid section headers (content removed or migrated)
- Some use `http://` instead of `https://` when the website supports a secure connection.
- Some already used the `[name][reference]` convention but often with a number that wasn't as useful for maintenance.
- All referenced docs needed URLs replaced. Opted for the `[name][reference]` approach to group them all clearly at the bottom of the doc, especially with the relative URLs and in some cases many duplicate entries.
- All `tomav` references from the original repo prior to switch to an organization have been corrected.
- Minor cosmetic changes to the `name` part of the URL, such as for referencing issues to be consistent.
- Some small changes to text body, usually due to duplicate URL reference that was unnecessary (open relay, youtous)
- Switched other links to use the `[name][reference]` format when there was a large group of URLs such as wikipedia or kubernetes. Github repos that reference projects related to `docker-mailserver` also got placed here so they're noticed better by maintainers. This also helped quite a bit with `mermaid` external links that are very long.
- There was a Github Wiki supported syntax in use `[[name | link]]` for `fetchmail` page that isn't compatible by default with MkDocs (needs a plugin), converted to `[name][reference]` instead since it's a relative link.

---

docs: Update commit link for LDAP override script

Logic moved to another file, keeping the permalink commit reference so it's unaffected by any changes in the file referenced in future.

---

docs: Heading corrections

Consistency pass. Helps with the Table of Contents (top-right UI) aka Document Outline.
docs: codefence cleanup

---

docs: misc cleanup

---

docs: Add Admonitions

Switches `<details>` usage for collapsible admonitions (`???`) while other text content is switched to the visually more distinct admoniton (`!!!` or `???+`) style.

This does affect editor syntax highlighting a bit and markdown linting as it's custom non-standard markdown syntax.
2021-03-25 11:49:24 +13:00
Georg Lauterbach 7b3e416184 Updated Configure DKIM (markdown) 2021-02-08 12:21:12 +01:00