Commit graph

2561 commits

Author SHA1 Message Date
Georg Lauterbach 8f391e4d5a
release: v13.2.0 (#3746)
* bump `VERSION` & adjust `CHANGELOG.md`

* chore: Bump the unreleased base compare tag in `CHANGELOG.md`

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-04 22:14:51 +01:00
Georg Lauterbach bf69ef248e
Postfix: add smtpd_data_restrictions = reject_unauth_pipelining (#3744)
* add `smtpd_data_restrictions = reject_unauth_pipelining`

* fix: Skip restriction if trusted

* add changelog entry

* revert change to `postfix-amavis.cf`

* Update CHANGELOG.md

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-04 22:13:13 +01:00
Georg Lauterbach 25c7024cc4
security(Postfix): Protect against "SMTP Smuggling" attack (#3727)
View `CHANGELOG.md` entry and PR for details.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-03 14:02:59 +13:00
Georg Lauterbach 9e81517fe3
tests: Use swaks instead of nc for sending mail (#3732)
See associated `CHANGELOG.md` entry for details.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-03 13:17:54 +13:00
Brennan Kinney 0889b0ff06
fix: supervisor-app.conf - Correct the log location for postgrey (#3724)
* fix: `supervisor-app.conf` - Correct `postgrey` log location

Looks like this should have been like every other service and reference a log file(s) based on program name in the supervisor log directory.

* tests: Adjust log location for `postgrey_enabled.bats`
2023-12-30 09:59:09 +13:00
Georg Lauterbach 8392e3c1a8
release: v13.1.0 (#3720)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-12-29 13:58:54 +01:00
Brennan Kinney 72517d3f82
docs: Debugging - Delivery failure from service downtime (#3718)
* docs: Debugging - Delivery failure from service downtime

Services may be temporarily down, such as when restarted when certificates are updated due to the `check-for-changes.sh` service. This is another known source of intermittent delivery failures.
2023-12-26 09:53:32 +13:00
Casper 3adb53eb12
Remove sed statement (#3715) 2023-12-20 13:43:32 +13:00
Brennan Kinney 226ec847a4
ci: Remove VERSION from Dockerfile (#3711)
* ci: Remove `VERSION` from `Dockerfile`

This line was meant to be dropped with the switch to using the `DMS_RELEASE` ENV.
2023-12-19 08:35:16 +00:00
github-actions[bot] 6a56c7e749
docs: update CONTRIBUTORS.md (#3704)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-12-19 06:01:25 +00:00
Brennan Kinney 03052a65b8
ci: Allow lint workflow to be manually triggered (#3714)
* ci: Allow lint workflow to be manually triggered

Without this a different event must occur to trigger the workflow, which is inconvenient for automated PRs.
2023-12-19 18:59:59 +13:00
Brennan Kinney ca2c53dde7
ci: Avoiding linting CONTRIBUTORS.yml (#3705)
The file is managed by the `contributors.yml` workflow, no need for linting to be triggered on PRs for that change.

This should ideally skip the required check status for the lint workflow which cannot trigger implicitly for automated PRs. If this doesn't work the change should be reverted.
2023-12-19 14:41:07 +13:00
Brennan Kinney 5908d9f060
tests(refactor): Dovecot quotas (#3068)
* chore: Extract out Dovecot Quota test cases into new test file

Test cases are just cut + paste, no logic changed there yet.

* chore: Rename test case descriptions

* chore: Use `setup ...` methods instead of direct calls

* chore: Adjust `_run_in_container_bash` to `_run_in_container`

Plus some additional bug fixes in the disabled test case

* tests(refactor): Revise ENV test cases for max mailbox and message sizes

* tests(refactor): Revise ENV test cases for mailbox and message limits v2

Removes the extra variables and filtering in favour of explicit values instead of matching for comparison.

- Easier at a glance to know what is actually expected.
- Additionally reworks the quota limit checks in other test cases. Using a different formatter for `doveadm` is easier to match the desired value (`Limit`).

* chore: Sync improvement from `tests.bats` master

---

NOTE: This PR has been merged to avoid additional maintenance burden without losing the improvements. It was not considered complete, but remaining tasks were not documented in the PR.
2023-12-19 14:33:38 +13:00
dependabot[bot] ee87291225
chore(deps): Bump dawidd6/action-download-artifact from 2 to 3 (#3707) 2023-12-19 01:29:15 +01:00
dependabot[bot] 5015dc80b1
chore(deps): Bump actions/upload-artifact from 3 to 4 (#3708) 2023-12-19 00:16:38 +01:00
dependabot[bot] b9f7ff86de
chore(deps): Bump docker/metadata-action from 5.3.0 to 5.4.0 (#3710)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5.3.0...v5.4.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 15:50:56 +01:00
dependabot[bot] 083e464084
chore(deps): Bump github/codeql-action from 2 to 3 (#3709) 2023-12-18 14:05:37 +01:00
Casper 98a4c13ca9
Add ENV ENABLE_IMAP (#3703) 2023-12-18 12:26:28 +01:00
dependabot[bot] bbed3f6608
chore(deps): Bump actions/stale from 8 to 9 (#3696) 2023-12-11 21:36:30 +01:00
René Plötz 2f5dfed726
fix: Only set virtual_mailbox_maps to texthash when using the FILE account provisioner (#3693)
Signed-off-by: René Plötz <reneploetz@users.noreply.github.com>
2023-12-11 10:22:31 +13:00
github-actions[bot] bc9172fa74
docs: updated CONTRIBUTORS.md (#3691) 2023-12-10 21:08:19 +01:00
Casper d3b4e94d06
update-check: fix 'read' exit status (#3688)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-12-08 01:20:17 +01:00
Peter Adam 77917f5cc6
scripts: Install arm64 rspamd from official repository (#3686)
* scripts: Install rspamd from official repository instead of debian backports on arm64 architecture

* Remove unnecessary deb-src repository for rspamd

* Remove note about ARM64 rspamd version, update CHANGELOG.md

---------

Co-authored-by: Peter Adam <p.adam@cygnusnetworks.de>
2023-12-07 23:45:02 +01:00
Casper 908d38047c
scripts: add warning when update-check is enabled, but no stable release image is used (#3684) 2023-12-05 20:42:30 +00:00
Brennan Kinney c75975d59e
chore: Postfix should integrate Dovecot at runtime (#3681)
* chore: Better establish startup scope

* chore: Configure `main.cf` for Dovecot at runtime
2023-12-05 17:16:39 +13:00
dependabot[bot] 1ff8d57ea1
chore(deps): Bump anchore/scan-action from 3.3.7 to 3.3.8 (#3682)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 20:34:20 +00:00
dependabot[bot] 7ce745a82d
chore(deps): Bump docker/metadata-action from 5.0.0 to 5.3.0 (#3683)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 21:32:49 +01:00
Brennan Kinney 01689ab788
docs: Troubleshooting - Bare domain misconfiguration (#3680) 2023-12-03 23:22:43 +01:00
Georg Lauterbach 472174b744
ci: add run-local-instance target to Makefile (#3663) 2023-12-04 10:28:40 +13:00
Brennan Kinney 68f9671a22
fix: Logging - Welcome should use DMS_RELEASE ENV (#3676) 2023-11-30 14:47:31 +13:00
Brennan Kinney 19e96b5131
fix: update-check.sh should query GH Releases (#3666)
* fix: Source `VERSION` from image ENV

Now CI builds triggered from tagged releases will always have the correct version. No need for manually updating a separate file.

* fix: Query latest GH release tag

Compare to the remote GH release tag published, rather than contents of a `VERSION` file.

`VERSION` file remains in source for now as prior releases still rely on it for an update notification.

* chore: Switch from `yq` to `jaq`

- Can more easily express a string subslice.
- Lighter weight: 9.3M vs 1.7M.
- Drawback, no YAML input/output support.

If `yq` is preferred, the `v` prefix could be removed via BASH easily enough.

* chore: Add entry to `CHANGELOG.md`

* ci: `VERSION` has no relevance to `:edge`

* docs: Update build guide + simplify `make build`

---------

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-11-30 10:21:26 +13:00
Georg Lauterbach a11951e398
hotfix: solve #3665 (#3669)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-28 10:33:29 +01:00
dependabot[bot] b037288e5a
chore(deps): Bump anchore/scan-action from 3.3.6 to 3.3.7 (#3667)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-27 14:22:17 +01:00
Georg Lauterbach 68a43eb497
ci: push :edge when VERSION is updated (#3662)
Previously, we did not run the workflow on push on `master` when a
release happened because the push on master is guarded by a check on
which files were changed.

With this change, I added `VERSION` to the list of files to consider
when updating `:edge`.
2023-11-26 21:44:47 +01:00
github-actions[bot] 2c60229913
docs: updated CONTRIBUTORS.md (#3656)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-26 20:15:14 +01:00
Georg Lauterbach b663e10841
release: v13.0.0 (#3641)
* adjust PR template

I am tired of writing `CHANGELOG.md` myself

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2023-11-26 14:00:56 +13:00
Brennan Kinney ba814f4213
ci: Linter EC should use /check as the mount path (#3655) 2023-11-25 12:34:00 +00:00
Jean-Kevin KPADEY cedd360ebd
docs: add a new example explaining how to integrate crowdsec with (#3651) 2023-11-25 11:02:42 +01:00
Brennan Kinney 7d1fcb75d7
docs: Debugging - Correctly starting DMS (#3654) 2023-11-25 10:57:34 +01:00
Brennan Kinney 2a716cf4a4
docs: Dovecot Sieve - Adjust to new path for user home folder (#3650) 2023-11-23 10:47:11 +01:00
Brennan Kinney 020542a66c
docs: Debugging - Add macOS suggestion to use gRPC FUSE file sharing implementation (#3652) 2023-11-23 14:05:51 +13:00
dependabot[bot] 042bd872bf
chore(deps): Bump docker/build-push-action from 5.0.0 to 5.1.0 (#3645)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 14:03:32 +01:00
Georg Lauterbach d8ebf591f9
docs: correct path for logs (#3640) 2023-11-15 10:34:56 +13:00
github-actions[bot] 218b56b123
docs: updated CONTRIBUTORS.md (#3639)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-14 16:16:52 +01:00
Georg Lauterbach f5a7e9d119
contributors: fix spelling & remove dedicated AllContributors section (#3638)
With the latest `contributors.yml` workflow, everyone is included in the
list of contributors. Hence, we do not need the extra section anymore.
2023-11-14 16:15:39 +01:00
github-actions[bot] d2efedf91c
docs: updated CONTRIBUTORS.md (#3637)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-13 13:23:21 +00:00
Georg Lauterbach 5f2fb72c9c
Rspamd: add check for DKIM private key files' permissions (#3627)
* added check for Rspamd DKIM on startup

The newly added function `__rspamd__check_dkim_permissions` performs a
check on DKIM private key files. This is useful to prevent issues
like #3621 in the future. The function is deliberately kept simple and
may not catch every single misconfiguration in terms of permissions and
ownership, but it should be quite accurate.

Please note that the Rspamd setup does NOT change at all, and the checks
will not abort the setup in case they fail. A simple warning is emmited.

* add more documentation to Rspamd functions

* Apply suggestions from code review

* improve `__do_as_rspamd_user`

* rework check similar to review suggestion

see https://github.com/docker-mailserver/docker-mailserver/pull/3627#discussion_r1388697547

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-13 12:34:46 +01:00
Georg Lauterbach 26214491ef
fix: Drop special bits from Postfix maildrop/ and public/ directory permissions (#3625)
* update K8s deployment

Because `allowPrivilegeEscalation` controls SUID/SGID, we require it
when postdrop is invoked.

* correct permissions for maildrop/public

The reason our permissions previously worked out as that in setups where
SUID/SGID worked, the binaries used to place files in these directories
already have SGID set; the current set of permissions makes less sense
(as explained in this comment:
https://github.com/docker-mailserver/docker-mailserver/issues/3619#issuecomment-1793816412)

Since the binaries used to place files inside these directories alredy
have SUID/SGID set, we do not require these bits (or the sticky bit) to
be set on the directories.

* Apply suggestions from code review

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-10 19:57:17 +01:00
Joerg Sonnenberger 0703e01492
docs: Clarify default for ENV FETCHMAIL_PARALLEL (#3603)
- Make this easier to find when browsing the example environment file.
- Adjust ENV documentation to properly mark the actual default value.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-10 13:03:21 +13:00
Zepmann 290355cf5a
docs: Add Dovecot Lua auth guide + required package (#3579)
* Dovecot: add deb package dovecot-lua to support Lua scripting
* Adding documentation for Lua authentication
* Updated documentation and made a better distinction between Dovecot packages for officially supported features and for community supported features.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-09 10:18:17 +13:00