Commit graph

132 commits

Author SHA1 Message Date
Casper ccd838c027
rsyslog logrotate warning fixed
Fix for https://github.com/tomav/docker-mailserver/issues/1465
2020-04-23 00:39:56 +02:00
Casper b21e14a1c2
AllowSupplementaryGroups change removed
1. "AllowSupplementaryGroups false" is no longer present in /etc/clamav/clamd.conf, therefore the command does not work anymore.
2. Since Clamd 0.100.0, "AllowSupplementaryGroups" is deprecated. See: https://blog.clamav.net/2018/04/clamav-01000-has-been-released.html

"Deprecation of the AllowSupplementaryGroups parameter statement in clamd, clamav-milter, and freshclam. Use of supplementary is now in effect by default."
2020-04-20 21:11:17 +02:00
Casper 78fd5b8760
-f option removed from rm commands
Let build fail, if file does not exist.
2020-04-19 11:39:43 +02:00
Casper 5d79e56bf0
Cleanup obsolete file removal
`/etc/cron.weekly/fstrim` does not exist, so no need to remove it.
2020-04-18 13:09:50 +02:00
Erik Wramner df26d35695
Merge pull request #1450 from casperklein/patch-1
Upgrade packages, Debian base image not updated often enough.
2020-04-12 08:31:40 +02:00
Casper d56a0f86d5
hadolint ignore 3005 added 2020-04-12 03:18:08 +02:00
Erik Wramner e8a0cdc556 Fix error #792 in logrotate 2020-04-11 09:59:07 +02:00
Nils Knappmeier 370d08fd33 fail2ban: use filter.d/dovecot.conf from distribution
closes #972
2020-04-10 22:21:40 +02:00
Casper 7e96ebe8b9
Upgrade packages
Some packages from the base image are upgradable. For example, that's the case for `libgnutls30` at the moment.
2020-04-10 12:47:58 +02:00
Erik Wramner c24612e992 Removed commented lines 2020-04-05 12:01:57 +02:00
Germain Masse ce41f60888 Move filebeat to its own container 2020-03-20 17:56:18 +01:00
Erik Wramner 85ae8a1471 Fix fail2ban issues and install some suggested amavis packages 2020-01-25 15:33:06 +01:00
Erik Wramner 91b2c9834e Upgrade to buster and remove filebeat 2020-01-25 15:33:06 +01:00
Lukas Elsner b476118514 remove not needed log files after build 2020-01-15 20:29:21 +01:00
Erik Wramner 5da23c066d Added dovecot-solr for full text search 2019-11-10 10:14:27 +01:00
Felix Bartels 7ff9764285
Provide version information through labels (#1256)
* Provide version information through labels

Can be retrieved by calling e.g. `docker inspect -f {{.Config.Labels}} tvial/docker-mailserver:testing`

Signed-off-by: Felix Bartels <felix@host-consultants.de>

* add build hook so that Docker Hub can work with the build args

Signed-off-by: Felix Bartels <felix@host-consultants.de>

* remove obsolete build-no-cache

build args invalidate build cache already

Signed-off-by: Felix Bartels <felix@host-consultants.de>

* adapt travis file

Signed-off-by: Felix Bartels <felix@host-consultants.de>

* shellcheck

Signed-off-by: Felix Bartels <felix@host-consultants.de>
2019-10-23 11:22:23 +02:00
Erik Wramner 008b8e6bce Fix #1093, pflogsumm and logwatch 2019-09-16 08:00:35 +02:00
Felix Bartels 043e184630 Update readme
reorg dockerfile and add comments
2019-09-02 11:16:21 +02:00
Erik Wramner 3618939f21 Ignore hadolint error about parameter expansion 2019-08-30 13:51:48 +02:00
Erik Wramner b766b5646b Change repo for dovecot to fix CVE-2019-11500 2019-08-30 13:43:11 +02:00
Felix Bartels 1ba0991d80
Fix linting errors reported by hadolint (#1211)
* Fix linting errors reported by hadolint
* use full path for folders when listing contents
* add linting task to makefile
2019-08-13 11:41:38 +02:00
Felix Bartels a7408b73e0 Do not remove dh*.pem as they do not exist at this point in time
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2019-08-12 19:31:24 +02:00
Erik Wramner 9d7873850d Move dovecot cert generation to startup 2019-08-10 10:15:35 +02:00
Erik Wramner fc8d684994 Generate dhparams at startup, not build 2019-08-09 22:13:50 +02:00
Martin Schulze fcce47a392 WIP: actually test PERMIT_DOCKER=connected-networks
also showcase timeouts and makefile integration
2019-08-07 02:24:56 +02:00
j-marz 2107793f7f install whois package for use with fail2ban action_mwl email notification 2019-08-01 21:37:02 +10:00
Erik Wramner f21bffe322 Fix 1198 freshclam (#1199)
* Run freshclam as clamav user not root

* Remove freshclam cron job when clamav is disabled
2019-07-29 11:15:49 +02:00
dimalo 70cbfa352b FIX: escape symbols in cron command (#1200) 2019-07-29 11:15:21 +02:00
j-marz c3e7ecc773 Replace ENV with ARG for DEBIAN_FRONTEND (#1180)
Best practice suggests not using ENV for this setting as it persists after build. ARG is only set during build.
2019-07-24 14:48:59 +02:00
Erik Wramner 603dbbd7b0 1175: specify user for cron.d freshclam file (#1176)
* 1175: specify user for cron.d freshclam file

* Fix Dovecot SSL parameters and generate dhparams as for Postfix

* Fixed broken unit tests
2019-07-23 16:12:12 +02:00
Daniel Panteleit cc56b4f89e Calling supervisord directly instead of via shell (Closes: #1047, #1074) 2018-11-04 20:23:50 +01:00
millerjason 53a344a056 Support for additional postgrey options (Close: #998, #999, #1046)
* addnl postgrey whitelist support. closes #998, closes #999.

	modified:   Dockerfile
	modified:   Makefile
	modified:   README.md
	modified:   docker-compose.elk.yml.dist
	modified:   docker-compose.yml.dist
	modified:   target/start-mailserver.sh
	modified:   target/supervisor/conf.d/supervisor-app.conf
	new file:   test/config/whitelist_recipients
	new file:   test/nc_templates/postgrey_whitelist_local.txt
	new file:   test/nc_templates/postgrey_whitelist_recipients.txt
	modified:   test/tests.bats

* match existing indent convention

	modified:   target/start-mailserver.sh

* ISSUE-999: add support for header_checks

	modified:   Dockerfile
	modified:   target/postfix/main.cf

* ISSUE-999: add empty header_check file

	new file:   target/postfix/header_checks.pcre
2018-11-01 19:32:36 +01:00
Cédric Laubacher 9b7cf1d25b Replace MAINTAINER with LABEL (#1042)
MAINTAINER is deprecated
2018-10-01 08:25:34 +02:00
Dingoz 6a69bb192c Fix freshclam cron name (#1019)
This fixes the daily mail error when logrotate tries to restart a non existing freshclam daemon because cron name doesn't fit freshclam init script invoked by logrotate
2018-08-15 08:27:07 +02:00
17Halbe cc7c1f8804 Introducing global filters. (#934)
* Introducing global filters
* added optional after.dovecot.sieve/before.dovecot.sieve files
* added global filter test
2018-04-05 18:54:01 +02:00
17Halbe e403261ba5 Fixes 'duplicate log entry for /var/log/mail/mail.log' (#925, #927) 2018-04-03 19:28:43 +02:00
akmet a420b15370 Adding daily mail review from Issue 839 (#881)
* Added dependencies, binary, startup configuration
* Added env variable to dist files/readme
* send summary after each logrotate, added env variable for mail/logrotate interval
* remove mail.log from rsyslogs logrotate
* rotate mail.log when no email is set
* Added documentation for POSTFIX_LOGROTATE_INTERVAL
* Removed interval option, since its not being tested for.
* changed test to force logrotate to rotate fixed logrotate config
* readded setup_environment, made logrotate_setup being called everytime
* changed documentation for new variable names - again
* Did Documentation, added a default recipient, added test for default config.
* layout fix
* changed variable names apposite the documentation
2018-03-18 19:52:28 +01:00
James ef79e9a65d Generate SRS secret on first run and store it (#891) 2018-03-10 13:41:20 +01:00
17Halbe a73692cc9f Added reject_authenticated_sender_login_mismatch (#872)
* added reject_authenticated_sender_login_mismatch handling including tests
* removed obsolete reject_sender_login_mismatch
* introduced SPOOF_PROTECTION env variable, tests, documentation and missing documentation for TLS_LEVEL
* added missing email template
2018-03-07 19:33:43 +01:00
Thomas A. Kilian 4036588c65 Setting quiet mode on invoke-rc.d (Closes: #792)
This prevents a daily error message
2018-03-07 19:31:10 +01:00
Cédric Laubacher 19cb22a1a5 Generate new DH param weekly instead of daily (#836) 2018-02-12 22:04:02 +01:00
17Halbe ac9be357ce Diffie-Hellman 2048 Bit Parameters should be changed regularly. (#834)
Since it is assumed that the NSA uses Rainbowtables to break default-DHE-Parameters, one is encouraged to change the Parameters periodically.
2018-02-11 18:37:04 +01:00
Jurek Barth e1e4542390 Fix: Add SRS to fix SPF issues on redirect #611 (#814)
* add srs support

* change autorestart behavior

* this may work now

* make postsrsd’s own wrapper file

* fix dockerfile formatting

* fixing tests
2018-02-06 08:11:57 +01:00
Marek Walczak b4b19e76b7 Stretch backport (#813)
* install dovecot from backports

* dovecot 2.2.33 has a slightly different TLS-configuration than 2.2.27

* want to have both images a the same time

* make use of the /etc/dovecot/ssl as mkcert.sh (2.2.33) is using that folder for certs.
2018-02-04 21:27:47 +01:00
Marek Walczak 49b3867c1b debian stretch slim (#784)
* Switch to stretch-slim as base image.
 - first step correct the testdata, as newer packages are more strict
about the mail-structure.

* Switch to stretch-slim: correcting the test-environment and the build
 - add missing build-step to make
 - clean the userdb aswell
 - use timeout of netcat, as postgrey would not close the connection
 - there is 2 extra mail-logs -> assert_output 5
 - cosmetic: use "" instead of ''

* Switch to stretch-slim:
new image:
 - smaller size
 - 0 CVEs compared to 11 CVEs in ubuntu 16.04 Image
better backport situation
 - postfix 3.1.6 vs 3.1.0
 - fail2ban 0.9.6 vs 0.9.3
 ...
changes needed because of stretch-slim:
- add missing gnupg and iproute2 package
- remove non-free rar, unrar-free should do
- rsyslog does not add syslog user and has different conf-structure
- pyzor command discover was deprecated and is missing in the new
stretch package

- dovecot does not know SSLv2 anymore. removed because of warnings in
log

- iptables does not know imap3, IMAP working group chose imap2 in favor
of imap3

* Switch to debian stretch slim:
SSLv2 seems to be a not known protocol anymore - good!

* switch to debian stretch slim:
make this test more stable. there might be more than only one mail.log
(mail.info, mail.warn, ...)

* switch to debian stretc slim:
 new openssl 1.1.0 needs stronger ciphers, removed some weekers ones.
Please, look through the new list of cipher! this needs to be done in
another commit for all other SSL/TLS-Endpoints aswell.

* Switch to debian stretch slim:
let our server pre-empt the cipher list.
Did a read through, wwwDOTpostfixDOTorg/FORWARD_SECRECY_READMEDOThtml
and
wwwDOTpostfixDOTorg/TLS_READMEDOThtml

* Switch to debian stretch slim: lets give this openssl-based test a new and independent but identical container.  many other test on the main 'mail' container might interfere here.

* Switch to debian stretch slim: remove unused lines
2017-12-31 12:33:48 +01:00
kamuri 835939d856 Issue 747 (#748)
* fix for issue #747 (NOT TESTED YET)

Need to test this. Dont merge it yet.

* Small Cleanup and bug fixes Not done Yet!

Not done yet. Dont merge. See comment in issue #747

* Add --ignore-missing. Now is fixed.
2017-10-18 07:43:30 +02:00
kamuri 420e7741a1 Check for account changes and reload (Closes: #552)
Restart the daemons when changes are made to 'postfix-account.cf' and/or 'postfix-virtual.cf'
2017-10-10 08:15:18 +02:00
Darren McGrandle 5961b31e91 Enable user definable fetchmail poll times (#731)
* Enable user definable fetchmail poll times
* create new ENV variable FETCHMAIL_POLL in target/start-mailserver.sh
* change --daemon setting in supervisor-app.conf to use ENV var
* Put FETCHMAIL_POLL env variable in Dockerfile to handle case where
  user does not specify it in their docker-compose.yml
2017-10-04 22:10:18 +02:00
Johan Smits a2efdab5dd Merge pull request #719 from johansmitsnl/supervisor-sock (closes: #707)
fix(): Supervisor socket issue with overlay (closes: #707)
2017-09-17 08:58:46 +02:00
Daniel Panteleit dc6a5fd8e3 Prevent syslog logrotate warnings 2017-09-12 19:50:24 +02:00