Commit graph

316 commits

Author SHA1 Message Date
i-C-o-d-e-r b2cd66fcda
docs: Clarify description of explicit TLS (#3017)
* Fix #3007: Changed description of explicit TLS to indicate that insecure connections are rejected

* Further clarification that description only applies to authentication

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-01-23 01:09:38 +13:00
Brennan Kinney 133eb9bc2e
tests(refactor): mail_lmtp_ip.bats (#3004)
* chore: Drop ENV `ENABLE_POSTFIX_VIRTUAL_TRANSPORT`

* tests(chore): Remove redundant `dovecot-lmtp` config

None of this is needed. Only relevant change is changing the LMTP service listener for Dovecot and that can be delegated to `user-patches.sh`.

* tests(refactor): Use `user-patches.sh` instead of replacing config file

The only relevant changes in `test/config/dovecot-lmtp` regarding LMTP was:
- `/etc/dovecot/dovecot.conf` (`protocols = imap lmtp`) and `/etc/dovecot/protocols.d/` (`protocols = $protocols lmtp`).
- `conf.d/10-master.conf` only changed the LMTP service listener from a unix socket to TCP on port 24 (_this was the only change required for the test to pass_).

None of those configs are required as:
- `protocols = imap pop3 lmtp` [is the upstream default](https://doc.dovecot.org/settings/core/#core_setting-protocols), no need to add `lmtp`.
- The LMTP service listener is now configured for the test with `user-patches.sh`.

* tests(refactor): `mail_lmtp_ip.bats`

- Converted to new testing conventions and common container helpers.
- `ENABLE_POSTFIX_VIRTUAL_TRANSPORT` was not relevant, dropped.
- Revised test cases, logic remains the same.
- Large custom config used was not documented and doesn't appear to serve any purpose. Simplified by replacing with a single modification with `user-patches.sh`.
- Added some additional comments for context of test and improvements that could be made.

* tests(chore): Adjust comments

The comment from `mail_hostname` provides no valid context, it was likely copied over from `tests.bats` in Oct 2020 by accident.

The email sent is just for testing, nothing relevant to LMTP.

---

Added additional comment for test to reference extra information from.

* tests(chore): Update similar log line matching

Extracts out the match pattern and formatting commands into separate vars (reduces horizontal scrolling), and includes extra docs about what the matched line should be expected to look like.
2023-01-15 18:33:31 +13:00
Casper 6ac59ef871
Fix several typos (#2990) 2023-01-10 14:13:50 +01:00
Brennan Kinney 2b4105ef0a
chore(housekeeping): Cleaning up broken links (#2667)
These two links have remained broken for over 6 months. Removing them. 

* chore(housekeeping): Broken links

* chore: Remove broken links from `mailserver.env`
2023-01-09 12:22:37 +13:00
Y.C.Huang 88715974eb
docs: Provision a cert with the ACME DNS-01 challenge via Certbot + Cloudflare (#2968)
* docs: Certbot cloudflare
Add docs for implement certbot-dns-cloudflare to generate certificate for mail server

* Apply suggestions from code review

* fix: certbot-cloudflare docs

Fix the docker-compose command according to the advice

* feat: DNS-Cloudflare certificate renew
Add docs for implementing renewing certificate with crontab

* Apply suggestions from code review

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-01-07 11:58:50 +13:00
Georg Lauterbach 26ac48f34a
feature: provide initial Rspamd support (#2902) 2023-01-05 08:39:00 +01:00
Brennan Kinney fe21fe78e2
chore: Remove legacy ENV SASL_PASSWD (#2946)
As per deprecation notice from v11.3 release notes, and a related prior PR; this ENV is to be removed.

It's no longer considered useful, and none of the tests that configured it were actually using it for relaying anything.
2022-12-23 15:30:40 +13:00
pravynandas 0eef7789a2
docs: Improve setup CLI password example (#2926)
* Update setup.sh.md

Example to include password
2022-12-11 09:29:41 +13:00
Casper a930aeb18a
Remove unusual space from shebang line (#2834) 2022-10-17 10:40:09 +02:00
Leon George 2efb40bb17
docs: fix typo in podman.md (#2782) 2022-09-20 10:31:47 +02:00
Georg Lauterbach 26d241381f
remove unnecessary configuration files (#2738) 2022-08-22 08:37:35 +02:00
Georg Lauterbach ab55343d8e
scripts: rework environment variables setup (#2716)
* outsourcing env variable setup

This commit contains major parts of the work of refactoring the setup
and usage of environment variables. It outsources the setup into its own
script and provides dedicated functions to be executed at a later point in time.

A **new** env variable was added: `USER_PROVISIONG` which provides a
better way of defining which method / protocol to use when it comes to
setting up users. This way, the `ENABLE_LDAP` variable is deprecated,
but all of this is backwards compatible due to a "compatibility layer", a function provided by the new variables script.

This is not a breaking change. It mostly refators internal scripts. The
only change facing the user-side is the deprecation of `ENABLE_LDAP`. We
can prolong the period of deprecation for this variable as long as we
want, because the new function that ensures backwards compatibility
provides a clean interface for the future.

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-08-22 08:31:32 +02:00
Brennan Kinney 0b8b77ad88
docs: Fix dmarc link (#2728)
There was a typo in the reference preventing the link from being properly rendered.
2022-08-20 17:00:30 +12:00
JiLleON e99bba2ef5
docs: Improve cron tasks and fix link in documentation (#2708)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-08-02 23:38:22 +12:00
Georg Lauterbach 684903f8d2
docs: Revise Kubernetes documentation (#2696) 2022-07-28 10:26:53 +12:00
Brennan Kinney 62fdcb05f5
chore: Remove redundant capability SYS_PTRACE (#2624)
* chore: Remove `SYS_PTRACE` capability from docs and configs
* chore: Remove `SYS_PTRACE` capability from tests

Doesn't seem to be required. It was originally added when the original change detection feature PR apparently needed it to function.
2022-06-07 01:20:13 +12:00
Georg Lauterbach 0010786d18
scripts: improve custom user-supplied Postfix configuration (#2598)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-06-06 09:30:10 +02:00
pyy 0d30b92a83
documentation: DOCKER_HOST missing unix:// (#2595) 2022-05-18 12:18:38 +02:00
pyy 0b909b2a32
documentation: DOCKER_HOST missing unix:// (#2589) 2022-05-13 09:46:54 +02:00
Andrew Cornford 2f3cbfc144
feat: Support for Dovecot master accounts (#2535)
Dovecot master accounts can now be configured in DMS via `setup.sh`.
A master account is useful for administration purposes, or to perform mailbox backups of every user account over IMAP.
Upstream Docs: https://doc.dovecot.org/configuration_manual/authentication/master_users/

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-05-08 00:28:32 +02:00
Casper de61d42e68
Add ban feature to fail2ban script (#2538) 2022-04-19 08:44:51 +00:00
Georg Lauterbach a1726dc45a
scripts: added TZ environment variable to set timezone (#2530) 2022-04-06 16:48:41 +02:00
Georg Lauterbach a9305a073f
firewall: replace iptables with nftables (#2505)
* first adjustments to use Fail2Ban with nftables

* replace `iptables` -> `nftables` and adjust tests

nftables lists IPs a bit differently , so the order was adjusted for the
tests to be more flexible.

* line correction in mailserver.env

* change from `.conf` -> `.local` and remove redundant config

* revert HEREDOC to `echo`

Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-04-05 15:13:59 +02:00
Georg Lauterbach 21c218ac68
scripts: remove DMS_DEBUG (#2523)
* remove DMS_DEBUG from tests
* remove DMS_DEBUG from doc and scripts
* updated issue template
* re-add description about removal of DMS_DEBUG
2022-04-03 13:29:10 +02:00
Georg Lauterbach 24031ae365
scripts: new log (#2493)
* added new `_log` function

With `_log`, the `_notify` method wa rendered obsolete. `_notify` was
not completely removed due to test failures in `check-for-changes.sh`.

The new `_log` function properly uses log levels such as `trace`,
`debug`, `info`, `warn` and `error`. It provides a cleaner solution
and renders `DMS_DEBUG` obsolete too (as only `_notify` depends on it).

* converted all helper script to new `_log` function

* converted all startup stacks to new `log` function

* `start-mailserver.sh` now uses new `_log` function

* final test and misc small script adjustments

* updated documentation
2022-03-21 07:07:52 +01:00
Casper 5b5b444094
docs(fail2ban): Use the correct example config location (#2484) 2022-03-15 14:51:47 +13:00
Casper a2f22422ca
docs: Enhance logrotate description (#2469) 2022-03-07 23:00:32 +01:00
Casper b9fdb1e7b5
Introduce CLAMAV_MESSAGE_SIZE_LIMIT env (#2453) 2022-03-03 16:17:01 +01:00
Casper 1911f9a4b4
setup.sh: Remove obsolete 'debug inspect' command from usage text (#2454) 2022-03-03 11:38:28 +00:00
Casper a8a8c859dc
Rename config examples directory (#2438) 2022-03-02 22:54:14 +00:00
Georg Lauterbach e6af5a118f
Adjust envrionment variables - more sensible defaults (#2428)
The new setup will now set env variables on one place and on one place
only. The old setup used two separate places wich is not DRY and
confusing.

Some default values changed:

1. PFLOGSUMM_TRIGGER: logrotate => none
2. REPORT_SENDER: mailserver-report@HOSTNAME => mailserver-report@DOMAIN
3. REPORT_RECIPIENT: "0" => POSTMASTER_ADDRESS

One env variable was renamed: REPORT_INTERVAL => LOGROTATE_INTERVAL

I believe these defaults to be more sensible, especially the REPORT_RECIPIENT
address. The PFLOGSUMM_TRIGGER value was changed to `none` because otherwise
people would start getting daily Postfix log summary reports automatically.
Now, this is opt-in, and reports are sent only when enabled properly.

Some of the variables changed were marked as deprecated. I removed the note,
as the variables now bear some (sane) defaults again for other variables
(i.e.) REPORT_RECIPIENT is now default for other recipient addresses.

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-03-03 10:22:17 +13:00
Casper 57c52d7b5b
PERMIT_DOCKER=none as new default value (#2424)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-03-02 16:03:40 +01:00
Casper 2de3340d2c
Fix some documentation links (#2426) 2022-02-23 18:22:44 +01:00
Philipp Fruck 83231da555
docs(podman): Fix broken links (#2429) 2022-02-22 10:12:09 +13:00
Georg Lauterbach 2927cc47c7
Add SpamAssassin KAM (#2418) 2022-02-21 10:48:28 +01:00
Frederic Werner 358df6ada2
docs(deps): bump mkdocs-material to v8.2.1 (#2422)
* docs(deps): bump mkdocs-material to v8.2.1

* feat(docs): enable mermaid integration

Configuration based on https://squidfunk.github.io/mkdocs-material/reference/diagrams/?h=mermaid#configuration

* fix: allow yaml value mapping

* chore: Adopt mkdocs-material mermaid integration support

Supported by the docs generator now, we no longer need to rely on external image generator or live editor link (both relied on large base64 encoding of mermaid markup). SVG will be rendered by docs now, although a little different style (can be fixed with custom CSS).

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-02-19 21:26:56 +01:00
Georg Lauterbach ec8b99335e
Add changedetector functionality for ${SSL_TYPE} == manual (#2404)
Now, setups that use `SSL_TYPE=manual` will profit from the changedetector as well. Certificate changes are picked up and properly propagated.
2022-02-18 11:29:51 +01:00
Moritz Poldrack 54f2181379
added sieve example for subaddress sorting (#2410) 2022-02-17 17:32:21 +01:00
Christian Raue 908e95fa74
consistently make 1 the default value for SPAMASSASSIN_SPAM_TO_INBOX (#2361)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-02-17 09:31:45 +01:00
Philipp Fruck 4c3af32692
Rootless Podman security update (#2393)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-02-09 10:25:09 +01:00
Georg Lauterbach 4cb617f7f9
README.md and Documentation Update (#2389)
* follow up on #2383

Fixes a documentation error by which a list would not be rendered
correctly. This has been taken care of.

* update the `README.md`

I felt the need to update the README for several reasons:

1. LDAP issues that the core maintainers team cannot really resolve
2. Cleaning up the somewhat messy structure near the end

The first point goes without explanantion. The second points includes:

2.1. The tagging convention is now easier to read and understand
2.2. Some bullut points or notes have been inlined to "stick" more to
     the content that it actually belongs to
2.3. The note about the "old" `setup.sh` for DMS `10.1.0` has been
     removed as it is obsolete now. We encourage users to upgrade to
     `10.4.0` anyways.
2.4. The markdown code highlighting is now using `CONSOLE` instead of
     `BASH` because `CONSOLE` is more appropriate.
2.5. Capitalized headings
2.6. Updated the section about `./setup.sh help` to be in one place now
     instead of two
2.7. DKIM key generation does now not interfere with user account
     creation.

* adjusted content to PR suggestions
2022-02-05 10:54:54 +01:00
schnippl0r a7ad065f73
Fixed typo in update-and-cleanup.md. (#2388) 2022-02-01 15:38:24 +01:00
Twist235 602f6fce06
SSL documentation contains a small bug #2381 (#2383) 2022-01-31 22:12:51 +01:00
Khue Doan 16a7d90296
docs(kubernetes): fix image name in example (#2385) 2022-01-31 13:16:26 +01:00
Brennan Kinney d3b9746c6f
docs: Fail2Ban - Fix links for rootless podman (#2384)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-01-27 18:13:10 +01:00
Christian Raue da17e8bf0b
add env var LOGWATCH_SENDER (#2362)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-01-10 12:29:11 +01:00
Casper 0c31f71358
Introduce DOVECOT_INET_PROTOCOLS env (#2358) 2022-01-06 00:53:18 +01:00
Casper 9d5a9a16a0
Introduce ENABLE_DNSBL env (#2342)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-01-03 22:03:46 +01:00
Semir Patel 33ebbbf2c7
Update links to dovecot docs (#2351) 2022-01-01 12:08:33 +01:00
Mohammed Noureldin babae05d4a
Add documentation to the usage with Active Directory (#2303)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-28 11:05:50 +01:00